CVE-2024-44940

HIGH

Linux Kernel - Denial of Service via GUE GRO Receive Warning

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks").

References (8)

Core 8

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 4.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (21)
debian/debian_linux 11.0
linux/Kernel 3.18.0 - 5.10.234linux
linux/Kernel 5.11.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.107linux
linux/Kernel 6.2.0 - 6.6.47linux
linux/Kernel 6.7.0 - 6.10.6linux
Linux/Linux < 3.18
Linux/Linux 3.18
Linux/Linux 37dd0247797b168ad1cc7f5dbec825a1ee66535b - 3db4395332e7050ef9ddeb3052e6b5019f2a2a59
Linux/Linux 37dd0247797b168ad1cc7f5dbec825a1ee66535b - 440ab7f97261bc28501636a13998e1b1946d2e79
... and 11 more
Published Aug 26, 2024
Tracked Since Feb 18, 2026