{"vulnerability": "CVE-2024-41091", "sightings": [{"uuid": "104200f2-4fa5-4e49-8a40-6cd8e49282fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41091", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "793494b2-2acb-4578-a8a7-6b38196b7b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41091", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mmeg2jl2ef2g", "content": "Microsoft Defender \u8106\u5f31\u6027 2\u4ef6\u304c\u60aa\u7528\u4e2d\u2015\u7dca\u6025\u30d1\u30c3\u30c1\u516c\u958b\n\nMicrosoft Defender \u306e CVE-2024-41091 \u3068 CVE-2024-45498 \u304c\u91ce\u751f\u3067\u60aa\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u4e21\u8106\u5f31\u6027\u306f SYSTEM \u6a29\u9650\u6607\u683c\u3068 DoS \u30ea\u30b9\u30af\u3092\u3082\u305f\u3089\u3057\u30016 \u6708 3 \u65e5\u306e\u30d1\u30c3\u30c1\u3067\u5bfe\u5fdc\u3055\u308c\u307e\u3057\u305f\u3002\u76f4\u3061\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002\n\n#CVE #\u8106\u5f31\u6027 #\u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3", "creation_timestamp": "2026-05-21T12:25:13.326463Z"}, {"uuid": "0c65215d-5d43-4b19-87c2-0dd4187cf9dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41091", "type": "seen", "source": "https://t.me/cvedetector/1816", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41091 - Linux TUN Network Stack Ethernet Header Length Validation Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-41091 \nPublished : July 29, 2024, 7:15 a.m. | 17\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ntun: add missing verification for short frame  \n  \nThe cited commit missed to check against the validity of the frame length  \nin the tun_xdp_one() path, which could cause a corrupted skb to be sent  \ndownstack. Even before the skb is transmitted, the  \ntun_xdp_one-->eth_type_trans() may access the Ethernet header although it  \ncan be less than ETH_HLEN. Once transmitted, this could either cause  \nout-of-bound access beyond the actual length, or confuse the underlayer  \nwith incorrect or inconsistent header length in the skb metadata.  \n  \nIn the alternative path, tun_get_user() already prohibits short frame which  \nhas the length less than Ethernet header size from being transmitted for  \nIFF_TAP.  \n  \nThis is to drop any frame shorter than the Ethernet header size just like  \nhow tun_get_user() does.  \n  \nCVE: CVE-2024-41091 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T09:36:06.000000Z"}]}