{"uuid": "a0d4e11e-b43c-4662-bb2a-8555a97dce23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49568", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49568\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the fields v2_ext_offset/\neid_cnt/ism_gid_cnt in proposal msg are from the remote client\nand cannot be fully trusted. Especially the field v2_ext_offset,\nonce it exceeds the max value, there is a chance to access a wrong\naddress, and a crash may happen.\n\nThis patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt\nbefore using them.\n\ud83d\udccf Published: 2025-01-11T12:35:36.190Z\n\ud83d\udccf Modified: 2025-01-11T12:35:36.190Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/295a92e3df32e72aff0f4bc25c310e349d07ffbf\n2. https://git.kernel.org/stable/c/42f6beb2d5779429417b5f8115a4e3fa695d2a6c\n3. https://git.kernel.org/stable/c/7863c9f3d24ba49dbead7e03dfbe40deb5888fdf", "creation_timestamp": "2025-01-11T13:06:48.000000Z"}