VYPR
Medium severity5.5NVD Advisory· Published Oct 21, 2024· Updated May 12, 2026

CVE-2024-49948

CVE-2024-49948

Description

In the Linux kernel, the following vulnerability has been resolved:

net: add more sanity checks to qdisc_pkt_len_init()

One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len.

virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes.

It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes.

  • 20 bytes of IPv4 header
  • 60 bytes TCP header
  • a small gso_size like 8

virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size.

We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

83

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.