{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57791", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-09T09:50:31.752Z", "datePublished": "2025-01-11T12:35:48.905Z", "dateUpdated": "2025-05-04T10:04:52.163Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:04:52.163Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check return value of sock_recvmsg when draining clc data\n\nWhen receiving clc msg, the field length in smc_clc_msg_hdr indicates the\nlength of msg should be received from network and the value should not be\nfully trusted as it is from the network. Once the value of length exceeds\nthe value of buflen in function smc_clc_wait_msg it may run into deadloop\nwhen trying to drain the remaining data exceeding buflen.\n\nThis patch checks the return value of sock_recvmsg when draining data in\ncase of deadloop in draining."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/smc_clc.c"], "versions": [{"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "82c7ad9ca09975aae737abffd66d1ad98874c13d", "status": "affected", "versionType": "git"}, {"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "6b80924af6216277892d5f091f5bfc7d1265fa28", "status": "affected", "versionType": "git"}, {"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6", "status": "affected", "versionType": "git"}, {"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "7a6927814b4256d603e202ae7c5e38db3b338896", "status": "affected", "versionType": "git"}, {"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "df3dfe1a93c6298d8c09a18e4fba19ef5b17763b", "status": "affected", "versionType": "git"}, {"version": "fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1", "lessThan": "c5b8ee5022a19464783058dc6042e8eefa34e8cd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/smc_clc.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.233", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.176", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.122", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.68", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.7", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.233"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.15.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.1.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.6.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.12.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd66d1ad98874c13d"}, {"url": "https://git.kernel.org/stable/c/6b80924af6216277892d5f091f5bfc7d1265fa28"}, {"url": "https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6"}, {"url": "https://git.kernel.org/stable/c/7a6927814b4256d603e202ae7c5e38db3b338896"}, {"url": "https://git.kernel.org/stable/c/df3dfe1a93c6298d8c09a18e4fba19ef5b17763b"}, {"url": "https://git.kernel.org/stable/c/c5b8ee5022a19464783058dc6042e8eefa34e8cd"}], "title": "net/smc: check return value of sock_recvmsg when draining clc data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96178B53-6E4B-420C-9D2E-63A92F2F6D51", "versionEndExcluding": "5.10.233", "versionStartIncluding": "5.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDBD8FC6-2357-4347-BFA1-B4A4A3039F35", "versionEndExcluding": "5.15.176", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B06AD1C-E7B3-4B24-A884-D3BE92CC042F", "versionEndExcluding": "6.1.122", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74BA9823-CCED-4B24-815D-B82543954BF8", "versionEndExcluding": "6.6.68", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "811AC89A-14AC-49FA-9B54-E99526F1CA47", "versionEndExcluding": "6.12.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.8:-:*:*:*:*:*:*", "matchCriteriaId": "0E2DC66F-4A95-475F-B8B6-191DEC1E7EF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "5F813669-CB80-4A17-9141-F3A4FA98CA13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "69E12239-342D-43B2-93F0-2760623AFEEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.8:rc7:*:*:*:*:*:*", "matchCriteriaId": "CA1501B4-945A-45C2-8E7C-65085BF91C76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check return value of sock_recvmsg when draining clc data\n\nWhen receiving clc msg, the field length in smc_clc_msg_hdr indicates the\nlength of msg should be received from network and the value should not be\nfully trusted as it is from the network. Once the value of length exceeds\nthe value of buflen in function smc_clc_wait_msg it may run into deadloop\nwhen trying to drain the remaining data exceeding buflen.\n\nThis patch checks the return value of sock_recvmsg when draining data in\ncase of deadloop in draining."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: comprobar el valor de retorno de sock_recvmsg al drenar datos de clc Al recibir un mensaje de clc, la longitud del campo en smc_clc_msg_hdr indica que la longitud del mensaje debe recibirse de la red y que el valor no debe ser completamente confiable ya que es de la red. Una vez que el valor de la longitud excede el valor de buflen en la funci\u00f3n smc_clc_wait_msg, puede encontrarse con un bucle muerto al intentar drenar los datos restantes que exceden buflen. Este parche verifica el valor de retorno de sock_recvmsg al drenar datos en caso de un bucle muerto en el drenaje."}], "id": "CVE-2024-57791", "lastModified": "2025-10-16T17:19:33.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-11T13:15:29.253", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b80924af6216277892d5f091f5bfc7d1265fa28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a6927814b4256d603e202ae7c5e38db3b338896"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd66d1ad98874c13d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c5b8ee5022a19464783058dc6042e8eefa34e8cd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/df3dfe1a93c6298d8c09a18e4fba19ef5b17763b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net/smc: check return value of sock_recvmsg when draining clc data", "id": "2337105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337105"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-671", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/smc: check return value of sock_recvmsg when draining clc data\nWhen receiving clc msg, the field length in smc_clc_msg_hdr indicates the\nlength of msg should be received from network and the value should not be\nfully trusted as it is from the network. Once the value of length exceeds\nthe value of buflen in function smc_clc_wait_msg it may run into deadloop\nwhen trying to drain the remaining data exceeding buflen.\nThis patch checks the return value of sock_recvmsg when draining data in\ncase of deadloop in draining."], "name": "CVE-2024-57791", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57791\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57791\nhttps://lore.kernel.org/linux-cve-announce/2025011147-CVE-2024-57791-7bc8@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T22:00:55.087087+00:00", "updated": "2025-07-12T22:00:55.087138+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}