CVE-2024-47408

Advisory lineage Upstream: 0 Downstream: 40

Downstream

DEBIAN-CVE-2024-47408 DLA-4076-1 MGASA-2025-0030 MGASA-2025-0032 SUSE-SU-2025:01919-1 SUSE-SU-2025:01951-1

Modified

Published: 11 Jan 2025, 12:35

Last modified:11 May 2026, 20:38

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability -0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Jan 2025, 12:35

Published

Vulnerability first disclosed

11 May 2026, 20:38

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Affected Systems

linux•linux
≥ 5c21c4ccafe85906db809de3af391fd434df8a27, < a36364d8d4fabb105001f992fb8ff2d3546203d6 | ≥ 5c21c4ccafe85906db809de3af391fd434df8a27, < e1cc8be2a785a8f1ce1f597f3e608602c5fccd46 | ≥ 5c21c4ccafe85906db809de3af391fd434df8a27, < 935caf324b445fe73d7708fae6f7176fb243f357 | ≥ 5c21c4ccafe85906db809de3af391fd434df8a27, < 48d5a8a304a643613dab376a278f29d3e22f7c34 | ≥ 5c21c4ccafe85906db809de3af391fd434df8a27, < 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad | 5.10
linux•linux_kernel
≥ 5.10, < 5.15.176 | ≥ 5.16, < 6.1.122 | ≥ 6.2, < 6.6.68 | ≥ 6.7, < 6.12.7 | 6.13:rc1 | 6.13:rc2 | 6.13:rc3