PT-2025-2766 · Linux+6 · Linux Kernel+6
Guangguan Wang · Published 2024-12-11 · Updated 2026-03-14
CVE-2024-47408
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.74
Description:
The issue arises when the server receives a proposal message: the smcd v2 ext offset field supplied by the remote client cannot be fully trusted. If the value of smcd v2 ext offset exceeds the maximum value, the server may access the wrong address, potentially causing a crash. This is resolved by checking the value of smcd v2 ext offset before using it.
Recommendations:
For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/smc module until a patch is available.
Exploit
Fix
Improper Resource Release
RCE
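The check named in the Description, validating a peer-supplied offset against the maximum the receive buffer allows before dereferencing it, is sketched below as an added user-space example; it is not the kernel's code. The layout, the constants `AREA_LEN`, `OFF_FIELD` and `EXT_LEN`, the function names, and the treatment of a zero offset as "absent" are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified layout (not the kernel's structures): a receive
 * area whose 16-bit big-endian field gives the distance from the end of
 * that field to a fixed-size extension. All sizes below are assumptions. */
#define AREA_LEN  64u  /* receive buffer size */
#define OFF_FIELD 8u   /* position of the offset field */
#define EXT_LEN   16u  /* size of the extension */

static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Return the extension, or NULL when the peer-supplied offset is zero
 * (assumed to mean "absent") or would point outside the receive area. */
static const uint8_t *get_ext_checked(const uint8_t *area, size_t len)
{
    size_t base = OFF_FIELD + sizeof(uint16_t); /* offset counts from here */
    uint16_t off;
    if (len < base + EXT_LEN)
        return NULL;                    /* no room for any extension */
    off = rd_be16(area + OFF_FIELD);
    if (off == 0 || off > len - base - EXT_LEN)
        return NULL;                    /* absent, or exceeds the maximum */
    return area + base + off;
}

/* Build a constructed sample message carrying `off` and look it up. */
static const uint8_t *lookup_with_offset(uint16_t off, uint8_t *area)
{
    memset(area, 0, AREA_LEN);
    area[OFF_FIELD] = (uint8_t)(off >> 8);
    area[OFF_FIELD + 1] = (uint8_t)(off & 0xff);
    return get_ext_checked(area, AREA_LEN);
}

int main(void)
{
    uint8_t area[AREA_LEN];
    const uint16_t samples[] = { 4, 38, 39, 0xffff }; /* constructed values */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("offset %u -> %s\n", (unsigned)samples[i],
               lookup_with_offset(samples[i], area) ? "accepted" : "rejected");
    return 0;
}
```

The maximum is derived from the buffer size rather than from the message, so no value the peer sends can widen it.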
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu