CVE-2024-47685
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-47685
CVE Details
| Release Date: | 2024-10-21 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th->res1)\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\nnf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\nnf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\nnft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\nexpr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\nnft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\nnft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\nnf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\nnf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\nnf_hook include/linux/netfilter.h:269 [inline]\nNF_HOOK include/linux/netfilter.h:312 [inline]\nipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n__netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\nprocess_backlog+0x4ad/0xa50 net/core/dev.c:6108\n__napi_poll+0xe7/0x980 net/core/dev.c:6772\nnapi_poll net/core/dev.c:6841 [inline]\nnet_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\nhandle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n__do_softirq+0x14/0x1a kernel/softirq.c:588\ndo_softirq+0x9a/0x100 kernel/softirq.c:455\n__local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\nlocal_bh_enable include/linux/bottom_half.h:33 [inline]\nrcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n__dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\ndev_queue_xmit include/linux/netdevice.h:3105 [inline]\nneigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\nip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\ndst_output include/net/dst.h:450 [inline]\nNF_HOOK include/linux/netfilter.h:314 [inline]\nip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\ninet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n__tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\ntcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\ntcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\ntcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n__inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\ninet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n__sys_connect_file net/socket.c:2061 [inline]\n__sys_connect+0x606/0x690 net/socket.c:2078\n__do_sys_connect net/socket.c:2088 [inline]\n__se_sys_connect net/socket.c:2085 [inline]\n__x64_sys_connect+0x91/0xe0 net/socket.c:2085\nx64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nUninit was stored to memory at:\nnf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\nnf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\nnft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\nexpr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\nnft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\nnft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\nnf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\nnf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\nnf_hook include/linux/netfilter.h:269 [inline]\nNF_HOOK include/linux/netfilter.h:312 [inline]\nipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core\n---truncated---
See more information about CVE-2024-47685 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.5 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
