CVE-2024-50251

MEDIUM

Linux Kernel 4.5-6.11.6 - DoS via nft_payload Offset/Length Check Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50251. PoCs published by slavin-ayu.

AI-analyzed exploit summary This PoC demonstrates a local denial-of-service (DoS) vulnerability in the Linux kernel by manipulating nftables rules and triggering a crash via a crafted UDP packet. The exploit uses user and network namespaces to isolate the attack environment.

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.

Exploits (1)

nomisec WORKING POC 2 stars

by slavin-ayu · poc

https://github.com/slavin-ayu/CVE-2024-50251-PoC

View Code ZIP pw:eip

This PoC demonstrates a local denial-of-service (DoS) vulnerability in the Linux kernel by manipulating nftables rules and triggering a crash via a crafted UDP packet. The exploit uses user and network namespaces to isolate the attack environment.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (specific version not specified)

No auth needed

Prerequisites: Linux system with nftables support · CAP_NET_ADMIN capabilities or root privileges

MITRE ATT&CK