CVE-2024-41044

Published Jul 29, 2024

Last updated 6 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Modified
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4C1CADD5-B7C9-4D6C-ABB1-72228A2C93EE",
            "versionEndExcluding": "4.19.318",
            "versionStartIncluding": "2.6.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F",
            "versionEndExcluding": "5.4.280",
            "versionStartIncluding": "4.20",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327",
            "versionEndExcluding": "5.10.222",
            "versionStartIncluding": "5.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD",
            "versionEndExcluding": "5.15.163",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "100CDF74-4DB5-4FC6-A54B-BDBDB0C27137",
            "versionEndExcluding": "6.1.100",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "96AC42B8-D66D-4AC5-B466-E9BA7910FA29",
            "versionEndExcluding": "6.6.41",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352",
            "versionEndExcluding": "6.9.10",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*",
            "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "11AF4CB9-F697-4EA4-8903-8F9417EFDA8E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References