Updated: 2026-03-05 02:39:39.560813
Description:
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.1 | HIGH | Not Vulnerable | 2024-10-07 14:24:28 | CVE-2024-46854 is confined to the Freescale/NXP QorIQ DPAA Ethernet driver path (CONFIG_FSL_DPAA_ETH... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.1 | HIGH | Not Vulnerable | 2024-10-07 14:24:28 | CVE-2024-46854 is confined to the Freescale/NXP QorIQ DPAA Ethernet driver (CONFIG_FSL_DPAA_ETH), wh... | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.1 | HIGH | Not Vulnerable | 2024-10-07 14:24:28 | CVE-2024-46854 is confined to the Freescale/NXP QorIQ DPAA Ethernet driver (CONFIG_FSL_DPAA_ETH), wh... | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.1 | HIGH | Not Vulnerable | 2024-10-07 14:24:28 | CVE-2024-46854 is confined to the Freescale/NXP QorIQ DPAA Ethernet driver (CONFIG_FSL_DPAA_ETH), wh... | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.1 | HIGH | Not Vulnerable | 2025-12-08 17:47:10 | Not affected: CVE-2024-46854 targets the Freescale/NXP DPAA Ethernet transmit path and is only reach... | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.1 | HIGH | Released | CLSA-2024:1728584752 | 2024-10-10 17:26:31 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.1 | HIGH | Released | CLSA-2024:1728583613 | 2024-10-10 14:26:10 |