ID

VAR-202410-2250


CVE

CVE-2024-49997


TITLE

Linux  of  Linux Kernel  Vulnerability related to deletion of sensitive information before storage or transfer in

Trust: 0.8

sources: JVNDB: JVNDB-2024-011540

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied. Linux of Linux Kernel contains a vulnerability related to the deletion of sensitive information prior to storage or transmission.Information may be obtained. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-49997 // JVNDB: JVNDB-2024-011540 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.12

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:6.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.10.14

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.55

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.113

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.227

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.168

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.11.3

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.55

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.11 that's all 6.11.3

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.10.14

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.113

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.168

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:3.0 that's all 5.10.227

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011540 // NVD: CVE-2024-49997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-49997
value: HIGH

Trust: 1.0

NVD: CVE-2024-49997
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-49997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-49997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011540 // NVD: CVE-2024-49997

PROBLEMTYPE DATA

problemtype:CWE-212

Trust: 1.0

problemtype:Improper removal of important information prior to storage or transfer (CWE-212) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011540 // NVD: CVE-2024-49997

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/1097bf16501ed5e35358d848b0a94ad2830b0f65

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011540

EXTERNAL IDS

db:NVDid:CVE-2024-49997

Trust: 2.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:SIEMENSid:SSA-398330

Trust: 1.0

db:JVNDBid:JVNDB-2024-011540

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011540 // NVD: CVE-2024-49997

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/469856f76f4802c5d7e3d20e343185188de1e2db

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Trust: 1.0

url:https://git.kernel.org/stable/c/905f06a34f960676e7dc77bea00f2f8fe18177ad

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/185df159843d30fb71f821e7ea4368c2a3bfcd36

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/45c0de18ff2dc9af01236380404bbd6a46502c69

Trust: 1.0

url:https://git.kernel.org/stable/c/60c068444c20bf9a3e22b65b5f6f3d9edc852931

Trust: 1.0

url:https://git.kernel.org/stable/c/431b122933b197820d319eb3987a67d04346ce9e

Trust: 1.0

url:https://git.kernel.org/stable/c/2bf4c101d7c99483b8b15a0c8f881e3f399f7e18

Trust: 1.0

url:https://git.kernel.org/stable/c/1097bf16501ed5e35358d848b0a94ad2830b0f65

Trust: 1.0

url:https://git.kernel.org/stable/c/e66e38d07b31e177ca430758ed97fbc79f27d966

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-49997

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011540 // NVD: CVE-2024-49997

SOURCES

db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-011540
db:NVDid:CVE-2024-49997

LAST UPDATE DATE

2026-06-18T19:34:34.635000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-011540date:2024-10-30T05:11:00
db:NVDid:CVE-2024-49997date:2026-05-12T12:17:19.400

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-011540date:2024-10-30T00:00:00
db:NVDid:CVE-2024-49997date:2024-10-21T18:15:19.837