LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2024-46854 is a Linux kernel information leak in the DPAA network driver. Very small outbound packets may include up to three bytes of adjacent buffer data as padding. The business impact appears limited, but affected embedded or appliance-style Linux systems should receive vendor kernel updates.

Executive priority

Treat this as routine patch management unless DPAA-based systems handle sensitive traffic on shared networks. There is no cited active exploitation, but the issue can leak small amounts of memory-adjacent data.

Technical view

The Linux kernel DPAA networking path failed to pad packets shorter than ETH_ZLEN safely. When packets under 60 bytes were transmitted, bytes following the packet data could be exposed in Ethernet padding. Stable kernel commits fix this by extending all packets to ETH_ZLEN before transmission.

Likely exposure

Exposure is likely limited to Linux systems using the DPAA Ethernet driver. Generic Linux servers not using this driver are unlikely to be affected based on the provided sources.

Exploitation context

The source bundle provides a simple reproduction condition but no evidence of weaponized exploitation. CISA KEV is false, and no cited source states active exploitation in the wild.

Researcher notes

The CVE record names Linux as affected and provides stable commit references. Version data is incomplete and commit-oriented, so product exposure should be validated through kernel configuration, driver use, and downstream vendor advisories.

Mitigation direction

  • Apply vendor kernel updates that include the listed Linux stable fixes.
  • Check Debian LTS or device vendor advisories for packaged kernel updates.
  • Prioritize internet-facing or shared-network systems using DPAA networking.
  • If no update is available, request vendor guidance for supported mitigations.

Validation and detection

  • Inventory Linux systems for kernels using the DPAA network driver.
  • Compare running kernel packages against vendor advisories and fixed stable commits.
  • Confirm patched kernels pad short transmitted packets to ETH_ZLEN.
  • Review packet-capture risk only in authorized lab validation environments.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46854 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8, 9ad1a37493338cacf04e2c93acf44d151a7adda8unaffected
LinuxLinux4.10, 0, 4.19.323, 5.4.285, 5.10.227, 5.15.168, 6.1.111, 6.6.52, 6.10.11, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.