CVE-2024-26752

l2tp: pass correct message length to ip6_append_data

Description

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae patch
https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5 patch
https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243 patch
https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d patch
https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500 patch
https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56 patch
https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6 patch
https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26752?
CVE-2024-26752 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26752?
To fix CVE-2024-26752, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26752 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26752 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26752?
CVE-2024-26752 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.