In the Linux kernel, the following vulnerability has been resolved:

tun: add missing verification for short frame

The cited commit failed to check the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, tun_xdp_one-->eth_type_trans() may access the Ethernet header although the frame can be shorter than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with an incorrect or inconsistent header length in the skb metadata.

In the alternative path, tun_get_user() already prohibits short frames whose length is less than the Ethernet header size from being transmitted for IFF_TAP.

This is to drop any frame shorter than the Ethernet header size, just like tun_get_user() does.

CVE: CVE-2024-41091
History

Thu, 12 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_tus:8.4::nfv
cpe:/o:redhat:rhel_aus:8.4
cpe:/o:redhat:rhel_e4s:8.4
cpe:/o:redhat:rhel_eus:8.8
cpe:/o:redhat:rhel_eus:9.2
cpe:/o:redhat:rhel_tus:8.4

Wed, 28 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat enterprise Linux

Mon, 26 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_e4s:9.0

Mon, 26 Aug 2024 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products Redhat rhel Eus

Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel Tus

Tue, 13 Aug 2024 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::nfv
Vendors & Products Redhat
Redhat rhel E4s

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T06:18:12.019Z

Updated: 2024-09-15T17:52:15.685Z

Reserved: 2024-07-12T12:17:45.636Z

Link: CVE-2024-41091

Vulnrichment

Updated: 2024-08-02T04:46:52.398Z

NVD

Status: Awaiting Analysis

Published: 2024-07-29T07:15:07.553

Modified: 2024-07-29T14:12:08.783

Link: CVE-2024-41091

Redhat

Severity: Important

Public Date: 2024-07-24T17:00:00Z

Links: CVE-2024-41091 - Bugzilla