CVE-2024-46854

net: dpaa: Pad packets to ETH_ZLEN

Description

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7
https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d
https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133
https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83
https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00 patch
https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a patch
https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2 patch
https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 patch

Frequently Asked Questions

What is the severity of CVE-2024-46854?
CVE-2024-46854 has been scored as a high severity vulnerability.
How to fix CVE-2024-46854?
To fix CVE-2024-46854, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46854 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46854 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46854?
CVE-2024-46854 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.