// For flags

CVE-2024-49997

net: ethernet: lantiq_etop: fix memory disclosure

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: lantiq_etop: fix memory disclosure

When applying padding, the buffer is not zeroed, which results in memory
disclosure. The mentioned data is observed on the wire. This patch uses
skb_put_padto() to pad Ethernet frames properly. The mentioned function
zeroes the expanded buffer.

In case the packet cannot be padded it is silently dropped. Statistics
are also not incremented. This driver does not support statistics in the
old 32-bit format or the new 64-bit format. These will be added in the
future. In its current form, the patch should be easily backported to
stable versions.

Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets
in hardware, so software padding must be applied.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-10-21 CVE Reserved
  • 2024-10-21 CVE Published
  • 2024-11-09 EPSS Updated
  • 2024-11-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 4.19.323
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 4.19.323"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 5.4.285
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 5.4.285"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 5.10.227
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 5.10.227"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 5.15.168
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 5.15.168"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 6.1.113
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.1.113"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 6.6.55
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.6.55"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 6.10.14
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.10.14"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 6.11.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.11.3"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.0 < 6.12
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.12"
en
Affected