CVE-2024-26675

CVE Details

Release Date:

2024-04-02

Description

In the Linux kernel, the following vulnerability has been resolved:\nppp_async: limit MRU to 64K\nsyzbot triggered a warning [1] in __alloc_pages():\nWARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)\nWillem fixed a similar issue in commit c0a2a1b0d631 ('ppp: limit MRU to 64K')\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n[1]:\nWARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nlr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n__alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n__alloc_pages_node include/linux/gfp.h:238 [inline]\nalloc_pages_node include/linux/gfp.h:261 [inline]\n__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n__do_kmalloc_node mm/slub.c:3969 [inline]\n__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\nkmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n__netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\nnetdev_alloc_skb include/linux/skbuff.h:3235 [inline]\ndev_alloc_skb include/linux/skbuff.h:3248 [inline]\nppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\nppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\ntty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\ntty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\nreceive_buf drivers/tty/tty_buffer.c:444 [inline]\nflush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\nprocess_one_work+0x694/0x1204 kernel/workqueue.c:2633\nprocess_scheduled_works kernel/workqueue.c:2706 [inline]\nworker_thread+0x938/0xef4 kernel/workqueue.c:2787\nkthread+0x288/0x310 kernel/kthread.c:388\nret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

See more information about CVE-2024-26675 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	5.5	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (kernel-uek)	ELSA-2024-12606	2024-09-02
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12606	2024-09-02
Oracle Linux version 8 (kernel)	ELSA-2024-4211	2024-07-02
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14
Oracle VM version 3 (kernel-uek)	OVMSA-2024-0011	2024-09-03