CVE-2024-27013
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-27013
CVE Details
| Release Date: | 2024-05-01 |
Description
In the Linux kernel, the following vulnerability has been resolved:\ntun: limit printing rate when illegal packet received by tun dev\nvhost_worker will call tun call backs to receive packets. If too many\nillegal packets arrives, tun_do_read will keep dumping packet contents.\nWhen console is enabled, it will costs much more cpu time to dump\npacket and soft lockup will be detected.\nnet_ratelimit mechanism can be used to limit the dumping rate.\nPID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: 'vhost-32980'\n#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253\n#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3\n#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e\n#3 [fffffe00003fced0] do_nmi at ffffffff8922660d\n#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663\n[exception RIP: io_serial_in+20]\nRIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002\nRAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000\nRDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0\nRBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f\nR10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020\nR13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000\nORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n#5 [ffffa655314979e8] io_serial_in at ffffffff89792594\n#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470\n#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6\n#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605\n#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558\n#10 [ffffa65531497ac8] console_unlock at ffffffff89316124\n#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07\n#12 [ffffa65531497b68] printk at ffffffff89318306\n#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765\n#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]\n#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]\n#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]\n#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]\n#18 [ffffa65531497f10] kthread at ffffffff892d2e72\n#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f
See more information about CVE-2024-27013 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel) | ELSA-2024-7000 | 2024-09-24 |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
