NVD Vulnerability Detail

CVE-2024-50033

Summary	In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at least 20, which is not good enough. We need to make sure the packet includes the IPv4 and TCP header that are supposed to be carried. Add iph and th pointers to make the code more readable. [1] BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455 ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline] ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212 ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [inline] sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, noon
Last Update	Nov. 9, 2024, 1:15 a.m.

CVSS3.1 : HIGH
スコア	7.1
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.113
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.168
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.11.4
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.57
cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
cpe:2.3:o:linux:linux_kernel::::::::	3.2			5.10.227

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/36b054324d18e51cf466134e13b6fbe3c91f52af	Patch
2	https://git.kernel.org/stable/c/5e336384cc9b608e0551f99c3d87316ca3b0e51a	Patch
3	https://git.kernel.org/stable/c/ff5e0f895315706e4ca5a19df15be6866cee4f5d	Patch
4	https://git.kernel.org/stable/c/8bb79eb1db85a10865f0d4dd15b013def3f2d246	Patch
5	https://git.kernel.org/stable/c/29e8d96d44f51cf89a62dd042be35d052833b95c	Patch
6	https://git.kernel.org/stable/c/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c	Patch
7	https://git.kernel.org/stable/c/ba6501ea06462d6404d57d5644cf2854db38e7d7

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-908	初期化されていないリソースの使用	https://cwe.mitre.org/data/definitions/908.html

JVN Vulnerability Information

Linux の Linux Kernel における初期化されていないリソースの使用に関する脆弱性

Title	Linux の Linux Kernel における初期化されていないリソースの使用に関する脆弱性
Summary	Linux の Linux Kernel には、初期化されていないリソースの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 10, 2024, midnight
Registration Date	Oct. 28, 2024, 3:16 p.m.
Last Update	Aug. 21, 2025, 12:18 p.m.

Affected System

Linux

Linux Kernel 3.2 以上 5.10.227 未満

Linux Kernel 5.11 以上 5.15.168 未満

Linux Kernel 5.16 以上 6.1.113 未満

Linux Kernel 6.12

Linux Kernel 6.2 以上 6.6.57 未満

Linux Kernel 6.7 以上 6.11.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-50033	https://www.cve.org/CVERecord?id=CVE-2024-50033
National Vulnerability Database (NVD)
2	CVE-2024-50033	https://nvd.nist.gov/vuln/detail/CVE-2024-50033

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-908	http://cwe.mitre.org/data/definitions/908.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	slip: make slhc_remember() more robust against malicious packets (29e8d96)	https://git.kernel.org/stable/c/29e8d96d44f51cf89a62dd042be35d052833b95c
2	slip: make slhc_remember() more robust against malicious packets (36b0543)	https://git.kernel.org/stable/c/36b054324d18e51cf466134e13b6fbe3c91f52af
3	slip: make slhc_remember() more robust against malicious packets (5e33638)	https://git.kernel.org/stable/c/5e336384cc9b608e0551f99c3d87316ca3b0e51a
4	slip: make slhc_remember() more robust against malicious packets (7d3fce8)	https://git.kernel.org/stable/c/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c
5	slip: make slhc_remember() more robust against malicious packets (8bb79eb)	https://git.kernel.org/stable/c/8bb79eb1db85a10865f0d4dd15b013def3f2d246
6	slip: make slhc_remember() more robust against malicious packets (ff5e0f8)	https://git.kernel.org/stable/c/ff5e0f895315706e4ca5a19df15be6866cee4f5d
Linux Kernel
7	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/index.html

Change Log

No	Changed Details	Date of change
1	[2024年10月28日] 掲載	Oct. 28, 2024, 3:16 p.m.
2	[2025年08月21日] 参考情報：JVN (JVNVU#92169998) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-226-07) を追加	Aug. 21, 2025, 12:17 p.m.