CVE-2024-49948: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49948 affects the Linux kernel's network packet handling functionality. The vulnerability was discovered in the qdisc_pkt_len_init() function, where insufficient validation of GSO (Generic Segmentation Offload) packets could lead to security issues. The vulnerability affects Linux kernel versions from 3.9 through 6.11.3, and was disclosed on October 21, 2024 (NVD).

The vulnerability exists in the Linux kernel's network stack where virtio_net_hdr_to_skb() does not fully validate TCP headers, only ensuring they are at least 20 bytes. An attacker could craft a malicious 'GSO' packet with a total length of 80 bytes (20 bytes IPv4 header + 60 bytes TCP header) and a small gso_size value like 8. This would be incorrectly processed as a normal GSO packet because it would appear to have 40 bytes of payload, larger than the gso_size, potentially leading to an underflow in qdisc_skb_cb(skb)->pkt_len (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a potential underflow condition in the kernel's network packet processing, which could result in system availability issues. The CVSS scoring indicates that while the vulnerability requires local access and cannot directly compromise system confidentiality or integrity, it can have a high impact on system availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that adds additional sanity checks to qdisc_pkt_len_init(). The fix includes validation of payload length before processing GSO packets. Multiple Linux distributions have released updates to address this vulnerability, including Ubuntu which has patched various kernel versions in releases 20.04 LTS through 24.04 (Ubuntu).