{"vulnerability": "CVE-2024-44999", "sightings": [{"uuid": "e13f7a3b-9257-4dd1-b174-1b52940b7a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44999", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "71465ff6-ca84-4595-8533-e70782054f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44999", "type": "seen", "source": "https://t.me/cvedetector/4862", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-44999 - Linux GTP IPv6 Uninitialized Value Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-44999 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngtp: pull network headers in gtp_dev_xmit() \n \nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] \n \nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head \nbefore accessing fields in them. \n \nUse pskb_inet_may_pull() to fix this issue. \n \n[1] \nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] \n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] \n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 \n ipv6_pdp_find drivers/net/gtp.c:220 [inline] \n gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] \n gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 \n __netdev_start_xmit include/linux/netdevice.h:4913 [inline] \n netdev_start_xmit include/linux/netdevice.h:4922 [inline] \n xmit_one net/core/dev.c:3580 [inline] \n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 \n __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 \n dev_queue_xmit include/linux/netdevice.h:3105 [inline] \n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 \n packet_snd net/packet/af_packet.c:3145 [inline] \n packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 \n sock_sendmsg_nosec net/socket.c:730 [inline] \n __sock_sendmsg+0x30f/0x380 net/socket.c:745 \n __sys_sendto+0x685/0x830 net/socket.c:2204 \n __do_sys_sendto net/socket.c:2216 [inline] \n __se_sys_sendto net/socket.c:2212 [inline] \n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 \n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \n \nUninit was created at: \n slab_post_alloc_hook mm/slub.c:3994 [inline] \n slab_alloc_node mm/slub.c:4037 [inline] \n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 \n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 \n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 \n alloc_skb include/linux/skbuff.h:1320 [inline] \n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 \n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 \n packet_alloc_skb net/packet/af_packet.c:2994 [inline] \n packet_snd net/packet/af_packet.c:3088 [inline] \n packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 \n sock_sendmsg_nosec net/socket.c:730 [inline] \n __sock_sendmsg+0x30f/0x380 net/socket.c:745 \n __sys_sendto+0x685/0x830 net/socket.c:2204 \n __do_sys_sendto net/socket.c:2216 [inline] \n __se_sys_sendto net/socket.c:2212 [inline] \n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 \n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 \n do_syscall_x64 arch/x86/entry/common.c:52 [inline] \n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \n \nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:30.000000Z"}]}