CVE-2024-27015

netfilter: flowtable: incorrect pppoe tuple

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow table lookup, so pppoe packets enter the classical forwarding path.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e719b52d0c56989b0f3475a03a6d64f182c85b56 patch
https://git.kernel.org/stable/c/f1c3c61701a0b12f4906152c1626a5de580ea3d2 patch
https://git.kernel.org/stable/c/4ed82dd368ad883dc4284292937b882f044e625d patch
https://git.kernel.org/stable/c/e3f078103421642fcd5f05c5e70777feb10f000d patch
https://git.kernel.org/stable/c/6db5dc7b351b9569940cd1cf445e237c42cd6d27 patch

Frequently Asked Questions

What is the severity of CVE-2024-27015?
CVE-2024-27015 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27015?
To fix CVE-2024-27015, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27015 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27015 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27015?
CVE-2024-27015 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.