{"id":"CVE-2024-41090","summary":"tap: add missing verification for short frame","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()--\u003eskb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090","modified":"2026-05-28T03:54:23.891447887Z","published":"2024-07-29T06:18:10.896Z","related":["ALSA-2024:5928","ALSA-2024:7000","ALSA-2024:7001","SUSE-SU-2024:2802-1","SUSE-SU-2024:2892-1","SUSE-SU-2024:2893-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2923-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2948-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:1207-1","SUSE-SU-2025:1213-1","SUSE-SU-2025:1231-1","SUSE-SU-2025:1232-1","SUSE-SU-2025:1252-1","SUSE-SU-2025:1254-1","SUSE-SU-2025:1257-1","SUSE-SU-2025:1260-1","SUSE-SU-2025:1262-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41090.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41090.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41090"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0efac27791ee068075d80f07c55a229b1335ce12"},{"fixed":"8be915fc5ff9a5e296f6538be12ea75a1a93bdea"},{"fixed":"7431144b406ae82807eb87d8c98e518475b0450f"},{"fixed":"e5e5e63c506b93b89b01f522b6a7343585f784e6"},{"fixed":"ee93e6da30377cf2a75e16cd32bb9fcd86a61c46"},{"fixed":"aa6a5704cab861c9b2ae9f475076e1881e87f5aa"},{"fixed":"73d462a38d5f782b7c872fe9ae8393d9ef5483da"},{"fixed":"e1a786b9bbb767fd1c922d424aaa8078cc542309"},{"fixed":"ed7f2afdd0e043a397677e597ced0830b83ba0b3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41090.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.281"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.223"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.164"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.102"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.9.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.10.0"},{"fixed":"6.10.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41090.json"}}],"schema_version":"1.7.5"}