CVE-2024-42861

HIGH

linuxptp < 4.2 - Denial of Service via Crafted Pdelay_Req Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42861. PoCs published by qiupy123.

AI-analyzed exploit summary The repository describes a DoS vulnerability in the IEEE 802.1AS standard (gPTP protocol) where sending two Pdelay_Req messages with different ClockIDs disables time synchronization on the target port. The attack was reproduced on linuxPTP, a software implementation of PTP and gPTP protocols.

Description

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

Exploits (1)

nomisec WRITEUP

by qiupy123 · poc

https://github.com/qiupy123/CVE-2024-42861

View Code ZIP pw:eip

The repository describes a DoS vulnerability in the IEEE 802.1AS standard (gPTP protocol) where sending two Pdelay_Req messages with different ClockIDs disables time synchronization on the target port. The attack was reproduced on linuxPTP, a software implementation of PTP and gPTP protocols.

Classification

Writeup 80%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: IEEE 802.1AS standard (gPTP protocol), linuxPTP

No auth needed

Prerequisites: Attacker and target must be on the same Ethernet network · Target device must have IEEE 802.1AS enabled

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/qiupy123/CVE-2024-42861

Scores

CVSS v3 7.5

EPSS 0.0149

EPSS Percentile 70.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

linuxptp_project/linuxptp < 4.2

Published Sep 23, 2024

Tracked Since Feb 18, 2026