Release Date: | 2024-10-21 |
In the Linux kernel, the following vulnerability has been resolved:

slip: make slhc_remember() more robust against malicious packets

syzbot found that slhc_remember() was missing checks against malicious packets [1].

slhc_remember() only checked that the size of the packet was at least 20, which is not good enough.

We need to make sure the packet includes the IPv4 and TCP header that are supposed to be carried.

Add iph and th pointers to make the code more readable.

[1]
BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666
slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666
ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455
ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]
ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212
ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327
pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113
__release_sock+0x1da/0x330 net/core/sock.c:3072
release_sock+0x6b/0x250 net/core/sock.c:3626
pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:744
____sys_sendmsg+0x903/0xb60 net/socket.c:2602
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
__sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
__do_sys_sendmmsg net/socket.c:2771 [inline]
__se_sys_sendmmsg net/socket.c:2768 [inline]
__x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4091 [inline]
slab_alloc_node mm/slub.c:4134 [inline]
kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587
__alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
alloc_skb include/linux/skbuff.h:1322 [inline]
sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732
pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:744
____sys_sendmsg+0x903/0xb60 net/socket.c:2602
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
__sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
__do_sys_sendmmsg net/socket.c:2771 [inline]
__se_sys_sendmmsg net/socket.c:2768 [inline]
__x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
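The length validation the commit message calls for, as an added illustration in portable C (not the kernel's slhc.c code): the old check accepted any packet of at least 20 bytes, but reading the TCP header safely requires the packet to hold the whole IPv4 header (ihl words) and then the whole TCP header (doff words). Field offsets follow the IPv4/TCP wire format; slhc_headers_fit and check_sample are names chosen here, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV4_MIN_HDR 20   /* minimum IPv4 header, ihl == 5 */
#define TCP_MIN_HDR  20   /* minimum TCP header, doff == 5 */

/* Returns 1 if pkt[0..len) fully contains an IPv4 header followed by a
 * TCP header, 0 otherwise. Every field is read only after the bytes that
 * hold it have been shown to lie inside len, so no access runs past the
 * packet into uninitialised skb memory (the KMSAN report above). This is
 * an illustration of the check, not the kernel's slhc.c implementation. */
int slhc_headers_fit(const uint8_t *pkt, size_t len)
{
    size_t ip_len, tcp_len;

    if (len < IPV4_MIN_HDR)            /* the old check stopped here */
        return 0;
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) /* IPv4 carrying TCP (proto 6) */
        return 0;
    ip_len = (size_t)(pkt[0] & 0x0f) * 4;  /* ihl counts 32-bit words */
    if (ip_len < IPV4_MIN_HDR || len < ip_len + TCP_MIN_HDR)
        return 0;                      /* TCP header would not fit */
    tcp_len = (size_t)(pkt[ip_len + 12] >> 4) * 4; /* doff, upper nibble */
    if (tcp_len < TCP_MIN_HDR || len < ip_len + tcp_len)
        return 0;                      /* TCP options would not fit */
    return 1;
}

/* Constructed sample input: a zeroed buffer with only the version/ihl,
 * protocol and doff fields set, truncated to `len` bytes. Returns the
 * verdict of slhc_headers_fit, or -1 if len exceeds the scratch buffer. */
int check_sample(size_t len, unsigned ihl, unsigned doff)
{
    uint8_t buf[128];
    size_t ip_len = (size_t)(ihl & 0x0f) * 4;

    if (len > sizeof(buf))
        return -1;
    memset(buf, 0, sizeof(buf));
    buf[0] = (uint8_t)(0x40 | (ihl & 0x0f));
    buf[9] = 6;
    if (ip_len + 12 < sizeof(buf))
        buf[ip_len + 12] = (uint8_t)((doff & 0x0f) << 4);
    return slhc_headers_fit(buf, len);
}
```

A 20-byte packet, which the original `len >= 20` test let through, is rejected because no TCP header can fit behind a minimal IPv4 header; packets whose ihl or doff point past the end are rejected for the same reason.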
See more information about CVE-2024-50033 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
Metric | Value |
Base Score | 5.5 |
Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Version | 3.1 |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity | None |
Availability | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: