PT-2025-2834 · Linux+6 · Linux Kernel+6

D. Wythe

+2

·

Published

2024-12-11

·

Updated

2026-03-14

·

CVE-2024-49571

CVSS v2.0

6.2

Medium

VectorAV:A/AC:L/Au:S/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description The issue concerns the Linux kernel, specifically the net/smc component. When receiving a proposal message in the server, the fields iparea offset and ipv6 prefixes cnt from the remote client are not fully trusted. If the iparea offset exceeds its maximum value, it may lead to accessing the wrong address, potentially causing a crash. The patch addresses this by checking iparea offset and ipv6 prefixes cnt before using them.
Recommendations For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/smc component until the patch is applied.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2025-08001
CVE-2024-49571
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1110
OESA-2025-1111
OESA-2025-1113
OESA-2025-1114
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:1293-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
SUSE-SU-2025_1293-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu