CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN
In the Linux kernel, the following vulnerability has been resolved:
net: dpaa: Pad packets to ETH_ZLEN
When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running
$ ping -s 11 destination
Security readout for executives and security teams
Plain-English summary
CVE-2024-46854 is a Linux kernel information leak in the DPAA network driver. Very small outbound packets may include up to three bytes of adjacent buffer data as padding. The business impact appears limited, but affected embedded or appliance-style Linux systems should receive vendor kernel updates.
Executive priority
Treat this as routine patch management unless DPAA-based systems handle sensitive traffic on shared networks. There is no cited active exploitation, but the issue can leak small amounts of memory-adjacent data.
Technical view
The Linux kernel DPAA networking path failed to pad packets shorter than ETH_ZLEN safely. When packets under 60 bytes were transmitted, bytes following the packet data could be exposed in Ethernet padding. Stable kernel commits fix this by extending all packets to ETH_ZLEN before transmission.
Likely exposure
Exposure is likely limited to Linux systems using the DPAA Ethernet driver. Generic Linux servers not using this driver are unlikely to be affected based on the provided sources.
Exploitation context
The source bundle provides a simple reproduction condition but no evidence of weaponized exploitation. CISA KEV is false, and no cited source states active exploitation in the wild.
Researcher notes
The CVE record names Linux as affected and provides stable commit references. Version data is incomplete and commit-oriented, so product exposure should be validated through kernel configuration, driver use, and downstream vendor advisories.
Mitigation direction
Apply vendor kernel updates that include the listed Linux stable fixes.
Check Debian LTS or device vendor advisories for packaged kernel updates.
Prioritize internet-facing or shared-network systems using DPAA networking.
If no update is available, request vendor guidance for supported mitigations.
Validation and detection
Inventory Linux systems for kernels using the DPAA network driver.
Compare running kernel packages against vendor advisories and fixed stable commits.
Confirm patched kernels pad short transmitted packets to ETH_ZLEN.
Review packet-capture risk only in authorized lab validation environments.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-46854 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.