CVE-2024-57802: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57802 is a vulnerability in the Linux kernel's netrom subsystem, discovered in January 2025. The issue occurs in the nrrouteframe function which fails to validate buffer size before accessing it, affecting Linux kernel versions from 2.6.12 up to versions before 5.4.289, 5.10.233, 5.15.176, 6.1.124, and 6.12.9 (NVD).

The vulnerability stems from a buffer validation issue in the netrom subsystem where nrrouteframe does not validate the buffer size before accessing fields in skb->data. This can lead to an uninitialized value read from ax25cmp when sending raw messages through the ieee802154 implementation. The issue was discovered using the Syzkaller fuzzing tool, which reported an uninit-value bug in the ax25cmp function. The CVSS v3.1 base score is 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition in the Linux kernel. When exploited, it could cause system instability or crashes due to accessing uninitialized memory, particularly affecting systems that use the netrom networking subsystem (NVD).

The vulnerability has been fixed by adding buffer length validation before accessing the data. The fix involves checking skb->len to ensure it contains at least 2 addresses and 1 byte more for Time-To-Live before accessing any fields in skb->data. The patch has been released and is available in the Linux kernel repository (Kernel Patch). Users should update their Linux kernel to the latest patched version.