CVE-2024-26857
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-26857
CVE Details
| Release Date: | 2024-04-17 |
Description
In the Linux kernel, the following vulnerability has been resolved:\ngeneve: make sure to pull inner header in geneve_rx()\nsyzbot triggered a bug in geneve_rx() [1]\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n('ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()')\nWe have to save skb->network_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\npskb_inet_may_pull() makes sure the needed headers are in skb->head.\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\nBUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\nBUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\nIP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\ngeneve_rx drivers/net/geneve.c:279 [inline]\ngeneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\nudp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\nudp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\nudp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n__udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\nudp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\nip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\nip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\nNF_HOOK include/linux/netfilter.h:314 [inline]\nip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\ndst_input include/net/dst.h:461 [inline]\nip_rcv_finish net/ipv4/ip_input.c:449 [inline]\nNF_HOOK include/linux/netfilter.h:314 [inline]\nip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n__netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\nprocess_backlog+0x480/0x8b0 net/core/dev.c:5976\n__napi_poll+0xe3/0x980 net/core/dev.c:6576\nnapi_poll net/core/dev.c:6645 [inline]\nnet_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n__do_softirq+0x1b7/0x7c5 kernel/softirq.c:553\ndo_softirq+0x9a/0xf0 kernel/softirq.c:454\n__local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\nlocal_bh_enable include/linux/bottom_half.h:33 [inline]\nrcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n__dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\ndev_queue_xmit include/linux/netdevice.h:3171 [inline]\npacket_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3081 [inline]\npacket_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n__sys_sendto+0x735/0xa10 net/socket.c:2191\n__do_sys_sendto net/socket.c:2203 [inline]\n__se_sys_sendto net/socket.c:2199 [inline]\n__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:3819 [inline]\nslab_alloc_node mm/slub.c:3860 [inline]\nkmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n__alloc_skb+0x352/0x790 net/core/skbuff.c:651\nalloc_skb include/linux/skbuff.h:1296 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\npacket_alloc_skb net/packet/af_packet.c:2930 [inline]\npacket_snd net/packet/af_packet.c:3024 [inline]\npacket_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n__sys_sendto+0x735/0xa10 net/socket.c:2191\n__do_sys_sendto net/socket.c:2203 [inline]\n__se_sys_sendto net/socket.c:2199 [inline]\n__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b
See more information about CVE-2024-26857 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | High | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
