CVE-2024-26752 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d
https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500
https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79
https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae
https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56
https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6
https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5
https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024040302-CVE-2024-26752-cb0a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26752
https://www.cve.org/CVERecord?id=CVE-2024-26752

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel
Weaknesses		CWE-131
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.14.327:::::::* cpe:2.3:o:linux:linux_kernel:6.5.7:::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26752", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.169Z", "datePublished": "2024-04-03T17:00:37.340Z", "dateUpdated": "2025-05-04T12:54:40.861Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:54:40.861Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n     ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/l2tp/l2tp_ip6.c"], "versions": [{"version": "559d697c5d072593d22b3e0bd8b8081108aeaf59", "lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae", "status": "affected", "versionType": "git"}, {"version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6", "lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5", "status": "affected", "versionType": "git"}, {"version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed", "lessThan": "dcb4d14268595065c85dc5528056713928e17243", "status": "affected", "versionType": "git"}, {"version": "cd1189956393bf850b2e275e37411855d3bd86bb", "lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d", "status": "affected", "versionType": "git"}, {"version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f", "lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500", "status": "affected", "versionType": "git"}, {"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56", "status": "affected", "versionType": "git"}, {"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "83340c66b498e49353530e41542500fc8a4782d6", "status": "affected", "versionType": "git"}, {"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79", "status": "affected", "versionType": "git"}, {"version": "7626b9fed53092aa2147978070e610ecb61af844", "status": "affected", "versionType": "git"}, {"version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/l2tp/l2tp_ip6.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.308", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.270", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.211", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.296", "versionEndExcluding": "4.19.308"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.258", "versionEndExcluding": "5.4.270"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.198", "versionEndExcluding": "5.10.211"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.135", "versionEndExcluding": "5.15.150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.57", "versionEndExcluding": "6.1.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.7.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.327"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.7"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"}, {"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"}, {"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"}, {"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"}, {"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"}, {"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"}, {"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"}, {"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"}], "title": "l2tp: pass correct message length to ip6_append_data", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:05:57.024676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:58.719Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.330Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

cveId : CVE-2024-26752 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-19T14:20:24.169Z (string)

datePublished : 2024-04-03T17:00:37.340Z (string)

dateUpdated : 2025-05-04T12:54:40.861Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T12:54:40.861Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/l2tp/l2tp_ip6.c (string)

]

versions : [ »

0 : { »

version : 559d697c5d072593d22b3e0bd8b8081108aeaf59 (string)

lessThan : 4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 1fc793d68d50dee4782ef2e808913d5dd880bcc6 (string)

lessThan : c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 96b2e1090397217839fcd6c9b6d8f5d439e705ed (string)

lessThan : dcb4d14268595065c85dc5528056713928e17243 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : cd1189956393bf850b2e275e37411855d3bd86bb (string)

lessThan : 0da15a70395182ee8cb75716baf00dddc0bea38d (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : f6a7182179c0ed788e3755ee2ed18c888ddcc33f (string)

lessThan : 13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 83340c66b498e49353530e41542500fc8a4782d6 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

status : affected (string)

versionType : git (string)

}

8 : { »

version : 7626b9fed53092aa2147978070e610ecb61af844 (string)

status : affected (string)

versionType : git (string)

}

9 : { »

version : fe80658c08e3001c80c5533cd41abfbb0e0e28fd (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/l2tp/l2tp_ip6.c (string)

]

versions : [ »

0 : { »

version : 6.6 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 6.6 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.19.308 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.4.270 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.10.211 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.15.150 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.1.80 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.6.19 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.7.7 (string)

lessThanOrEqual : 6.7.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 6.8 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.19.296 (string)

versionEndExcluding : 4.19.308 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.4.258 (string)

versionEndExcluding : 5.4.270 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10.198 (string)

versionEndExcluding : 5.10.211 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.15.135 (string)

versionEndExcluding : 5.15.150 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.1.57 (string)

versionEndExcluding : 6.1.80 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.6 (string)

versionEndExcluding : 6.6.19 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.6 (string)

versionEndExcluding : 6.7.7 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.6 (string)

versionEndExcluding : 6.8 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.14.327 (string)

}

9 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.5.7 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

}

4 : { »

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

}

]

title : l2tp: pass correct message length to ip6_append_data (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26752 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-04-03T18:05:57.024676Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:48:58.719Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:13.330Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.330Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:05:57.024676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.718Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "l2tp: pass correct message length to ip6_append_data", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "559d697c5d072593d22b3e0bd8b8081108aeaf59", "lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae", "versionType": "git"}, {"status": "affected", "version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6", "lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5", "versionType": "git"}, {"status": "affected", "version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed", "lessThan": "dcb4d14268595065c85dc5528056713928e17243", "versionType": "git"}, {"status": "affected", "version": "cd1189956393bf850b2e275e37411855d3bd86bb", "lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d", "versionType": "git"}, {"status": "affected", "version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f", "lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500", "versionType": "git"}, {"status": "affected", "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56", "versionType": "git"}, {"status": "affected", "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "83340c66b498e49353530e41542500fc8a4782d6", "versionType": "git"}, {"status": "affected", "version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070", "lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79", "versionType": "git"}, {"status": "affected", "version": "7626b9fed53092aa2147978070e610ecb61af844", "versionType": "git"}, {"status": "affected", "version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd", "versionType": "git"}], "programFiles": ["net/l2tp/l2tp_ip6.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.308", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.270", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.211", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/l2tp/l2tp_ip6.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"}, {"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"}, {"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"}, {"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"}, {"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"}, {"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"}, {"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"}, {"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n     ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.308", "versionStartIncluding": "4.19.296"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.270", "versionStartIncluding": "5.4.258"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.211", "versionStartIncluding": "5.10.198"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.15.135"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.80", "versionStartIncluding": "6.1.57"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.19", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.7", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.14.327"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.5.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:54:40.861Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26752", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:54:40.861Z", "dateReserved": "2024-02-19T14:20:24.169Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-03T17:00:37.340Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:13.330Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26752 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-04-03T18:05:57.024676Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:01:21.718Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : l2tp: pass correct message length to ip6_append_data (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 559d697c5d072593d22b3e0bd8b8081108aeaf59 (string)

lessThan : 4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 1fc793d68d50dee4782ef2e808913d5dd880bcc6 (string)

lessThan : c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 96b2e1090397217839fcd6c9b6d8f5d439e705ed (string)

lessThan : dcb4d14268595065c85dc5528056713928e17243 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : cd1189956393bf850b2e275e37411855d3bd86bb (string)

lessThan : 0da15a70395182ee8cb75716baf00dddc0bea38d (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : f6a7182179c0ed788e3755ee2ed18c888ddcc33f (string)

lessThan : 13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 83340c66b498e49353530e41542500fc8a4782d6 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (string)

lessThan : 359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

versionType : git (string)

}

8 : { »

status : affected (string)

version : 7626b9fed53092aa2147978070e610ecb61af844 (string)

versionType : git (string)

}

9 : { »

status : affected (string)

version : fe80658c08e3001c80c5533cd41abfbb0e0e28fd (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/l2tp/l2tp_ip6.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.6 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 6.6 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.19.308 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

3 : { »

status : unaffected (string)

version : 5.4.270 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

4 : { »

status : unaffected (string)

version : 5.10.211 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

5 : { »

status : unaffected (string)

version : 5.15.150 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

6 : { »

status : unaffected (string)

version : 6.1.80 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

7 : { »

status : unaffected (string)

version : 6.6.19 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

8 : { »

status : unaffected (string)

version : 6.7.7 (string)

versionType : semver (string)

lessThanOrEqual : 6.7.* (string)

}

9 : { »

status : unaffected (string)

version : 6.8 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/l2tp/l2tp_ip6.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

}

4 : { »

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.308 (string)

versionStartIncluding : 4.19.296 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.270 (string)

versionStartIncluding : 5.4.258 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.211 (string)

versionStartIncluding : 5.10.198 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.150 (string)

versionStartIncluding : 5.15.135 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.80 (string)

versionStartIncluding : 6.1.57 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.6.19 (string)

versionStartIncluding : 6.6 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.7.7 (string)

versionStartIncluding : 6.6 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.8 (string)

versionStartIncluding : 6.6 (string)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionStartIncluding : 4.14.327 (string)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionStartIncluding : 6.5.7 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T12:54:40.861Z (string)

}

cveMetadata : { »

cveId : CVE-2024-26752 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T12:54:40.861Z (string)

dateReserved : 2024-02-19T14:20:24.169Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-04-03T17:00:37.340Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9FA566F-70F7-425E-992C-8E288E08DC71", "versionEndExcluding": "4.19.308", "versionStartIncluding": "4.19.296", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB22468A-4B52-4E91-B35B-C94CAD2C78D0", "versionEndExcluding": "5.4.270", "versionStartIncluding": "5.4.258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "86A99ADE-C508-4FC9-962C-012F03BBCEC5", "versionEndExcluding": "5.10.211", "versionStartIncluding": "5.10.198", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "097E59FD-F12D-4416-B356-2651F9C7AC68", "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.15.135", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "894FCF87-4C78-4DCF-9C4A-D8918A518E66", "versionEndExcluding": "6.1.80", "versionStartIncluding": "6.1.57", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67629862-377E-46FA-A747-4A0BC6C42DD8", "versionEndExcluding": "6.6.19", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B", "versionEndExcluding": "6.7.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.14.327:*:*:*:*:*:*:*", "matchCriteriaId": "C403DCDD-EFA8-403C-9134-6C69953B8199", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "E0044DD2-D5B3-491C-B153-351DE4C1E042", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n     ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: l2tp: pasa la longitud correcta del mensaje a ip6_append_data l2tp_ip6_sendmsg necesita evitar tener en cuenta el encabezado de transporte dos veces al unir m\u00e1s datos en un skbuff ya parcialmente ocupado. Para gestionar esto, verificamos si skbuff contiene datos usando skb_queue_empty al decidir cu\u00e1ntos datos agregar usando ip6_append_data. Sin embargo, el c\u00f3digo que realiz\u00f3 el c\u00e1lculo era incorrecto: ulen = len + skb_queue_empty(&amp;sk-&gt;sk_write_queue)? transhdrlen : 0; ...debido a la precedencia del operador C, esto termina configurando ulen en transhdrlen para mensajes con una longitud distinta de cero, lo que resulta en paquetes corruptos en el cable. Agregue par\u00e9ntesis para corregir el c\u00e1lculo de acuerdo con la intenci\u00f3n original."}], "id": "CVE-2024-26752", "lastModified": "2025-03-17T16:57:11.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-03T17:15:51.910", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A9FA566F-70F7-425E-992C-8E288E08DC71 (string)

versionEndExcluding : 4.19.308 (string)

versionStartIncluding : 4.19.296 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DB22468A-4B52-4E91-B35B-C94CAD2C78D0 (string)

versionEndExcluding : 5.4.270 (string)

versionStartIncluding : 5.4.258 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 86A99ADE-C508-4FC9-962C-012F03BBCEC5 (string)

versionEndExcluding : 5.10.211 (string)

versionStartIncluding : 5.10.198 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 097E59FD-F12D-4416-B356-2651F9C7AC68 (string)

versionEndExcluding : 5.15.150 (string)

versionStartIncluding : 5.15.135 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 894FCF87-4C78-4DCF-9C4A-D8918A518E66 (string)

versionEndExcluding : 6.1.80 (string)

versionStartIncluding : 6.1.57 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 67629862-377E-46FA-A747-4A0BC6C42DD8 (string)

versionEndExcluding : 6.6.19 (string)

versionStartIncluding : 6.6 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 575EE16B-67F2-4B5B-B5F8-1877715C898B (string)

versionEndExcluding : 6.7.7 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:4.14.327:*:*:*:*:*:*:* (string)

matchCriteriaId : C403DCDD-EFA8-403C-9134-6C69953B8199 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.5.7:*:*:*:*:*:*:* (string)

matchCriteriaId : E0044DD2-D5B3-491C-B153-351DE4C1E042 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* (string)

matchCriteriaId : B9F4EA73-0894-400F-A490-3A397AB7A517 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 056BD938-0A27-4569-B391-30578B309EE3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* (string)

matchCriteriaId : F02056A5-B362-4370-9FF8-6F0BD384D520 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 62075ACE-B2A0-4B16-829D-B3DA5AE5CC41 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* (string)

matchCriteriaId : A780F817-2A77-4130-A9B7-5C25606314E3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: l2tp: pasa la longitud correcta del mensaje a ip6_append_data l2tp_ip6_sendmsg necesita evitar tener en cuenta el encabezado de transporte dos veces al unir más datos en un skbuff ya parcialmente ocupado. Para gestionar esto, verificamos si skbuff contiene datos usando skb_queue_empty al decidir cuántos datos agregar usando ip6_append_data. Sin embargo, el código que realizó el cálculo era incorrecto: ulen = len + skb_queue_empty(&sk->sk_write_queue)? transhdrlen : 0; ...debido a la precedencia del operador C, esto termina configurando ulen en transhdrlen para mensajes con una longitud distinta de cero, lo que resulta en paquetes corruptos en el cable. Agregue paréntesis para corregir el cálculo de acuerdo con la intención original. (string)

}

]

id : CVE-2024-26752 (string)

lastModified : 2025-03-17T16:57:11.283 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-04-03T17:15:51.910 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-131 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: l2tp: pass correct message length to ip6_append_data", "id": "2273219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273219"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-130", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nl2tp: pass correct message length to ip6_append_data\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\nHowever, the code which performed the calculation was incorrect:\nulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\nAdd parentheses to correct the calculation in line with the original\nintent.", "A vulnerability was found in the l2tp_ip6_sendmsg() function in the Linux kernel. An incorrect length calculation due to operator precedence issues can cause packet corruption and lead to communication issues."], "name": "CVE-2024-26752", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26752\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26752\nhttps://lore.kernel.org/linux-cve-announce/2024040302-CVE-2024-26752-cb0a@gregkh/T"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : kernel: l2tp: pass correct message length to ip6_append_data (string)

id : 2273219 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2273219 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-130 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. (string)

1 : A vulnerability was found in the l2tp_ip6_sendmsg() function in the Linux kernel. An incorrect length calculation due to operator precedence issues can cause packet corruption and lead to communication issues. (string)

]

name : CVE-2024-26752 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-04-03T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-26752 https://nvd.nist.gov/vuln/detail/CVE-2024-26752 https://lore.kernel.org/linux-cve-announce/2024040302-CVE-2024-26752-cb0a@gregkh/T (string)

]

statement : Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object