CVE-2024-50258 in Linux

Summary

by MITRE • 11/09/2024

In the Linux kernel, the following vulnerability has been resolved:

net: fix crash when config small gso_max_size/gso_ipv4_max_size

Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits.

Call Trace:
tcp_write_xmit
    tso_segs = tcp_init_tso_segs(skb, mss_now);
        tcp_set_skb_tso_segs
            tcp_skb_pcount_set
                // skb->len = 524288, mss_now = 8
                // u16 tso_segs = 524288/8 = 65535 -> 0
                tso_segs = DIV_ROUND_UP(skb->len, mss_now)
                BUG_ON(!tso_segs)

Add check for the minimum value of gso_max_size and gso_ipv4_max_size.

Analysis

by VulDB Data Team • 07/17/2025

The vulnerability described in CVE-2024-50258 represents a critical kernel-level issue affecting the Linux networking stack that can lead to system crashes and potential denial of service conditions. This flaw specifically impacts how the kernel handles Generic Segmentation Offload (GSO) configuration parameters, which are essential for network packet processing and transmission. The vulnerability stems from improper validation of GSO maximum size parameters that can result in arithmetic underflow conditions within the kernel's network subsystem. When administrators configure extremely small values for gso_max_size or gso_ipv4_max_size parameters, the kernel's internal calculations fail catastrophically, leading to unexpected system behavior and potential crashes.

The technical root cause of this vulnerability lies in the sk_dst_gso_max_size() function, where an underflow occurs because the GSO maximum size parameters are not bounds-checked. The underflow shows its effect when the kernel calculates the segment count for a packet with the DIV_ROUND_UP operation, which produces an incorrect result when the GSO limits are extremely small. The call trace shows the execution path leading to the crash: tcp_write_xmit invokes tcp_init_tso_segs, which reaches the problematic tcp_set_skb_tso_segs function. There, a packet with a length of 524288 bytes and a maximum segment size (mss_now) of 8 bytes results in a division that produces a value of 65535, which is then truncated to zero in the u16 segment counter, triggering the BUG_ON assertion that terminates kernel execution.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise network services and overall system stability. When a system administrator configures GSO parameters to values that are too small, the kernel becomes vulnerable to this underflow condition that can be triggered during normal network packet processing operations. This creates a scenario where legitimate network traffic can cause kernel panics, leading to complete system downtime and service disruption. The vulnerability is particularly concerning because it can be exploited through normal kernel parameter configuration, making it difficult to distinguish between malicious attacks and accidental misconfigurations that could trigger the same crash conditions. The flaw affects systems that rely heavily on TCP network processing and can be particularly dangerous in production environments where network reliability is critical.

The vulnerability aligns with CWE-191, which describes integer underflow conditions in software systems, and demonstrates how improper input validation can lead to catastrophic system failures. From an ATT&CK perspective, this vulnerability could be leveraged in privilege escalation or denial of service attacks, particularly when combined with other kernel-level exploits that target similar memory corruption patterns. The fix for this vulnerability involves implementing proper bounds checking for the minimum values of gso_max_size and gso_ipv4_max_size parameters, ensuring that these configuration values cannot be set to levels that would cause arithmetic underflow conditions. Organizations should immediately apply the relevant kernel patches and implement monitoring for abnormal GSO parameter configurations that could lead to this condition. System administrators should also consider implementing configuration management controls that prevent the setting of extremely small GSO values, as well as establishing proper network monitoring to detect potential exploitation attempts that might trigger kernel-level crashes.
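The two arithmetic steps described above can be reproduced in user space. The following is an added example, not kernel code and not part of the original advisory: the function names are hypothetical, and HDR_RESERVE and the minimum accepted value are assumptions of this model, since the header reserve in a real kernel depends on build configuration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed header reserve for this model only (not taken from the page). */
#define HDR_RESERVE 320u

#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Model of the unchecked limit: device gso_max_size minus header reserve.
 * For gso_max_size <= HDR_RESERVE the unsigned subtraction wraps, so the
 * socket limit ends up far above the device limit. */
static uint32_t sk_gso_limit_unchecked(uint32_t gso_max_size)
{
    return gso_max_size - (HDR_RESERVE + 1);
}

/* Model of the fix the page describes: enforce a minimum at configuration
 * time. Returns 0 when the value is accepted, -1 when it is rejected. */
static int validate_gso_max_size(uint32_t gso_max_size)
{
    return gso_max_size < HDR_RESERVE + 1 ? -1 : 0;
}

/* Segment count stored in a 16-bit field, as in the page's call trace.
 * For len = 524288 and mss = 8 the quotient needs 17 bits, so the stored
 * value is 0 and a BUG_ON(!tso_segs) check would fire. */
static uint16_t tso_segs_u16(uint32_t skb_len, uint32_t mss_now)
{
    return (uint16_t)DIV_ROUND_UP(skb_len, mss_now);
}

int main(void)
{
    uint32_t small = 16; /* constructed sample: a too-small gso_max_size */

    printf("unchecked limit for %u: %u\n", (unsigned)small,
           (unsigned)sk_gso_limit_unchecked(small));
    printf("validate(%u) = %d\n", (unsigned)small,
           validate_gso_max_size(small));
    printf("tso_segs for len=524288, mss=8: %u\n",
           (unsigned)tso_segs_u16(524288u, 8u));
    return 0;
}
```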

Responsible: Linux

Reservation: 10/21/2024

Disclosure: 11/09/2024

Moderation: accepted

CPE: ready

EPSS: 0.00207

KEV: no

Activities: very low
