PT-2025-3581 · Linux+7 · Linux Kernel+7
Published
2024-12-19
·
Updated
2025-10-03
·
CVE-2024-57802
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue occurs because the skb buffer is too small, and its actual allocation is aligned, hiding the fact that nr route frame does not validate the buffer size before using it. This can be fixed by checking
skb->len before accessing any fields in skb->data. The vulnerability was found by the Linux Verification Center with Syzkaller.Recommendations
To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider restricting access to the vulnerable
nr route frame function until a patch is available.Exploit
Fix
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu