CVE-2024-50251: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50251 is a vulnerability in the Linux kernel's netfilter subsystem, specifically in the nft_payload component. The vulnerability was discovered and disclosed on November 9, 2024. It affects Linux kernel versions from 4.5 up to versions before 4.19.323, 5.4.285, 5.10.229, 5.15.171, 6.1.116, 6.6.60, and 6.11.7 (NVD).

The vulnerability occurs when the offset + length parameter is larger than the skbuff length during the skbchecksum() operation. In this scenario, skbchecksum() triggers a BUGON() condition. The issue arises because skbchecksum() internally subtracts the length parameter while iterating over skbuff, and BUG_ON(len) at the end checks that the expected length to be included in the checksum calculation is fully consumed. The vulnerability has been assigned a CVSS v3.1 base score of 6.2 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a local denial of service (DoS) condition when exploited, affecting system availability. The impact is limited to local attacks, but requires no privileges or user interaction to execute (NVD).

The vulnerability has been patched in the Linux kernel. Multiple fixes have been released across different kernel versions, including patches for version 5.15.0-133.144 for Ubuntu 22.04 LTS, 5.4.0-208.228 for Ubuntu 20.04 LTS, and corresponding fixes for other distributions. Users are advised to update their kernel to the latest patched version (Ubuntu).