PT-2025-3626 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2024-12-30

·

Updated

2025-11-11

·

CVE-2024-57901

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description A vulnerability in the Linux kernel has been resolved, specifically in the af packet module. The issue was caused by a forgotten case for MSG PEEK in the vlan get protocol dgram() function, allowing a crash to occur. The function has been reworked to not touch the skb at all, making it usable from multiple CPUs on the same skb. A const qualifier has been added to the skb argument. The vulnerability was discovered by syzbot and is related to a kernel bug that causes a crash when the skb under panic function is called.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the vlan get protocol dgram() function until a patch is available. Restrict access to the vulnerable module af packet to minimize the risk of exploitation. Avoid using the MSG PEEK flag in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-99

Related Identifiers

ALSA-2025:20095
ALT-PU-2025-12647
ALT-PU-2025-5437
BDU:2025-04662
CVE-2024-57901
DLA-4075-1
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1320
OESA-2025-1321
RHSA-2025:20095
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu