CVE-2024-45001
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-45001
CVE Details
| Release Date: | 2024-09-04 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\nTo fix this bug, add proper alignment to the alloc_size calculation.\nSample panic info:\n[ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[ 253.300900] Mem abort info:\n[ 253.301760] ESR = 0x0000000096000021\n[ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 253.304268] SET = 0, FnV = 0\n[ 253.305172] EA = 0, S1PTW = 0\n[ 253.306103] FSC = 0x21: alignment fault\nCall trace:\n__skb_clone+0xfc/0x198\nskb_clone+0x78/0xe0\nraw6_local_deliver+0xfc/0x228\nip6_protocol_deliver_rcu+0x80/0x500\nip6_input_finish+0x48/0x80\nip6_input+0x48/0xc0\nip6_sublist_rcv_finish+0x50/0x78\nip6_sublist_rcv+0x1cc/0x2b8\nipv6_list_rcv+0x100/0x150\n__netif_receive_skb_list_core+0x180/0x220\nnetif_receive_skb_list_internal+0x198/0x2a8\n__napi_poll+0x138/0x250\nnet_rx_action+0x148/0x330\nhandle_softirqs+0x12c/0x3a0
See more information about CVE-2024-45001 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.5 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
