Vulnerabilities > CVE-2024-50258 - Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/90c8482a5d9791259ba77bfdc1849fc5128b4be7
- https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4
- https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8
- https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486
- https://git.kernel.org/stable/c/e9365368b483328639c03fc730448dccd5a25b6b