CVE-2024-50251 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

If access to offset + length is larger than the skbuff length, then
skb_checksum() triggers BUG_ON().

skb_checksum() internally subtracts the length parameter while iterating
over skbuff, BUG_ON(len) at the end of it checks that the expected
length to be included in the checksum calculation is fully consumed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00304.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< a661ed364ae6ae88c2fafa9ddc27df1af2a73701
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< e3e608cbad376674d19a71ccd0d41804d9393f02
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< b1d2de8a669fa14c499a385e056944d5352b3b40
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< d3217323525f7596427124359e76ea0d8fcc9874
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< 0ab3be58b45b996764aba0187b46de19b3e58a72
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< c43e0ea848e7b9bef7a682cbc5608022d6d29d7b
`7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df`	affected	< d5953d680f7e96208c29ce4139a0e38de87a57fe

Linux

affected

Version	Status	Constraints
`4.5`	affected	—
`0`	unaffected	< 4.5
`4.19.323`	unaffected	≤ 4.19.*
`5.4.285`	unaffected	≤ 5.4.*
`5.10.229`	unaffected	≤ 5.10.*
`5.15.171`	unaffected	≤ 5.15.*
`6.1.116`	unaffected	≤ 6.1.*
`6.6.60`	unaffected	≤ 6.6.*
`6.11.7`	unaffected	≤ 6.11.*
`6.12`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.16.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:10939	2024-12-11T00:00:00Z
kernel-0:5.14.0-503.16.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:10939	2024-12-11T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe
Redhat Subscribe	Enterprise Linux Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Debian DLA	DLA-4075-1	linux security update
Debian DSA	DSA-5818-1	linux security update
Ubuntu USN	USN-7276-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7277-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7288-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7288-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7291-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7293-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7295-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7305-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7308-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7310-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7331-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7388-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7389-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-7390-1	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7449-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7449-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7450-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7451-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7452-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7453-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7458-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72
https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701
https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534
https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40
https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b
https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874
https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe
https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02
https://github.com/slavin-ayu/CVE-2024-50251-PoC
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lore.kernel.org/linux-cve-announce/2024110937-CVE-2024-50251-66dc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-50251
https://www.cve.org/CVERecord?id=CVE-2024-50251

History

Mon, 03 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00587}`	epss `{'score': 0.0065}`

Thu, 12 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Fri, 22 Nov 2024 14:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024110937-CVE-2024-50251-66dc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-50251 https://www.cve.org/CVERecord?id=CVE-2024-50251
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/slavin-ayu/CVE-2024-50251-PoC

Thu, 14 Nov 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
Vendors & Products		Linux Linux linux Kernel
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 Nov 2024 10:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.
Title		netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
References		https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72 https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701 https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40 https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874 https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-11-09T10:14:59.820Z

Updated: 2025-11-03T22:27:31.759Z

Reserved: 2024-10-21T19:36:19.979Z

Link: CVE-2024-50251

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-11-09T11:15:10.900

Modified: 2025-11-03T23:17:06.490

Link: CVE-2024-50251

Redhat

Severity : Moderate

Publid Date: 2024-11-09T00:00:00Z

Links: CVE-2024-50251 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object