CVE-2024-49978: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's UDP GSO (Generic Segmentation Offload) fraglist segmentation has been identified as CVE-2024-49978. The issue affects Linux kernel versions from 5.6 up to (excluding) 6.1.113, 6.2 up to (excluding) 6.6.55, 6.7 up to (excluding) 6.10.14, and 6.11 up to (excluding) 6.11.3. The vulnerability was discovered and disclosed in October 2024 (NVD).

The vulnerability occurs in the UDP GSO fraglist segmentation mechanism when handling modified packet geometries. Valid SKBGSOFRAGLIST skbs should consist of two or more segments, where the headskb holds protocol headers plus first gsosize, and one or more fraglist skbs hold exactly one segment. Optional datapath hooks such as NAT and BPF (bpfskbpulldata) can modify these skbs, breaking these invariants. In extreme cases, they pull all data into skb linear, which can lead to a NULL pointer dereference in _udpv4gsosegmentlistcsum at udphdr(seg->next)->dest (Kernel Patch).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM), with attack vector: Local, attack complexity: Low, privileges required: Low, user interaction: None, scope: Unchanged, and impact primarily on availability (High) (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that detects corrupted geometry and passes affected packets to skbsegment instead of skbsegmentlist. The fix includes checking headskb size to detect invalid geometry due to pull operations. System administrators should update to kernel versions 6.1.113, 6.6.55, 6.10.14, or 6.11.3 or later, depending on their kernel branch (Kernel Patch).