CVE-2024-44999

CVE Details

Release Date:2024-09-04

Description


In the Linux kernel, the following vulnerability has been resolved:\ngtp: pull network headers in gtp_dev_xmit()\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\nUse pskb_inet_may_pull() to fix this issue.\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\nBUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\nBUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\nipv6_pdp_find drivers/net/gtp.c:220 [inline]\ngtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\ngtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n__netdev_start_xmit include/linux/netdevice.h:4913 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4922 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n__dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\ndev_queue_xmit include/linux/netdevice.h:3105 [inline]\npacket_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3145 [inline]\npacket_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0x30f/0x380 net/socket.c:745\n__sys_sendto+0x685/0x830 net/socket.c:2204\n__do_sys_sendto net/socket.c:2216 [inline]\n__se_sys_sendto net/socket.c:2212 [inline]\n__x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\nx64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:3994 [inline]\nslab_alloc_node mm/slub.c:4037 [inline]\nkmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n__alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\nalloc_skb include/linux/skbuff.h:1320 [inline]\nalloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\nsock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\npacket_alloc_skb net/packet/af_packet.c:2994 [inline]\npacket_snd net/packet/af_packet.c:3088 [inline]\npacket_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0x30f/0x380 net/socket.c:745\n__sys_sendto+0x685/0x830 net/socket.c:2204\n__do_sys_sendto net/socket.c:2216 [inline]\n__se_sys_sendto net/socket.c:2212 [inline]\n__x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\nx64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024

See more information about CVE-2024-44999 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 7.1
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-128132024-11-12
Oracle Linux version 7 (kernel-uek)ELSA-2024-128682024-12-06
Oracle Linux version 8 (kernel-uek)ELSA-2024-128132024-11-12
Oracle Linux version 8 (kernel-uek)ELSA-2024-128152024-11-11
Oracle Linux version 9 (kernel-uek)ELSA-2024-128152024-11-11


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete