CVE-2024-49978

Advisory lineage Upstream: 0 Downstream: 28

Downstream

DEBIAN-CVE-2024-49978 DLA-4008-1 MGASA-2024-0344 MGASA-2024-0345 OPENSUSE-SU-2024:14500-1 OPENSUSE-SU-2025:14705-1

Modified

Published: 21 Oct 2024, 18:02

Last modified:11 May 2026, 20:43

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Oct 2024, 18:02

Published

Vulnerability first disclosed

11 May 2026, 20:43

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 9fd1ff5d2ac7181844735806b0a703c942365291, < 080e6c9a3908de193a48f646c5ce1bfb15676ffc | ≥ 9fd1ff5d2ac7181844735806b0a703c942365291, < af3122f5fdc0d00581d6e598a668df6bf54c9daa | ≥ 9fd1ff5d2ac7181844735806b0a703c942365291, < 33e28acf42ee863f332a958bfc2f1a284a3659df | ≥ 9fd1ff5d2ac7181844735806b0a703c942365291, < 3cd00d2e3655fad3bda96dc1ebf17b6495f86fea | ≥ 9fd1ff5d2ac7181844735806b0a703c942365291, < a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab | 5.6
linux•linux_kernel
≥ 5.6, < 6.1.113 | ≥ 6.2, < 6.6.55 | ≥ 6.7, < 6.10.14 | ≥ 6.11, < 6.11.3 | 6.12:rc1