fkie_nvd - fkie_cve-2024-56639

fkie_cve-2024-56639

Vulnerability from fkie_nvd

Published

2024-12-27 15:15

Modified

2024-12-27 15:15

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsr_init_skb() to allocate larger skb for RedBox case. Indeed, send_hsr_supervision_frame() will add two additional components (struct hsr_sup_tlv and struct hsr_sup_payload) syzbot reported the following crash: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Code: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> skb_over_panic net/core/skbuff.c:211 [inline] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2423 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 </IRQ>

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS:  000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <IRQ>\n  skb_over_panic net/core/skbuff.c:211 [inline]\n  skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n  send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342\n  hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n  call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n  expire_timers kernel/time/timer.c:1845 [inline]\n  __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n  __run_timer_base kernel/time/timer.c:2430 [inline]\n  __run_timer_base kernel/time/timer.c:2423 [inline]\n  run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n  run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n  handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu kernel/softirq.c:637 [inline]\n  irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n  sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n </IRQ>",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hsr: debe asignar más bytes para la compatibilidad con RedBox el commit culpada olvidó cambiar hsr_init_skb() para asignar skb más grande para el caso de RedBox. De hecho, send_hsr_supervision_frame() agregará dos componentes adicionales (struct hsr_sup_tlv y struct hsr_sup_payload) syzbot informó el siguiente fallo: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ corte aquí ]------------ ¡ERROR del kernel en net/core/skbuff.c:206! Oops: código de operación no válido: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor No contaminado 6.12.0-syzkaller #0 Nombre del hardware: PC estándar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Código: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 &lt;0f&gt; 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas:  skb_over_panic net/core/skbuff.c:211 [en línea] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [en línea] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [en línea] __run_timer_base kernel/time/timer.c:2423 [en línea] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [en línea] anybody_softirq kernel/softirq.c:428 [en línea] __irq_exit_rcu kernel/softirq.c:637 [en línea] anyone_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [en línea] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 ",
      },
   ],
   id: "CVE-2024-56639",
   lastModified: "2024-12-27T15:15:23.633",
   metrics: {},
   published: "2024-12-27T15:15:23.633",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Awaiting Analysis",
}

cve-2024-56639

Vulnerability from cvelistv5

Published

2024-12-27 15:02

Modified

2025-01-20 06:24

Severity ?

Summary

References

▼	URL	Tags
	https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968
	https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629

Impacted products

Vendor

Product

Version

▼

Linux

Version: 5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5
Version: 5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5

Linux

Version: 6.10

Show details on NVD website

JSON

To clipboard

{
   containers: {
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Linux",
               programFiles: [
                  "net/hsr/hsr_device.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     lessThan: "688842f47ee9fb392d1c3a1ced1d21d505b14968",
                     status: "affected",
                     version: "5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5",
                     versionType: "git",
                  },
                  {
                     lessThan: "af8edaeddbc52e53207d859c912b017fd9a77629",
                     status: "affected",
                     version: "5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5",
                     versionType: "git",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "Linux",
               programFiles: [
                  "net/hsr/hsr_device.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     status: "affected",
                     version: "6.10",
                  },
                  {
                     lessThan: "6.10",
                     status: "unaffected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.12.*",
                     status: "unaffected",
                     version: "6.12.5",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "*",
                     status: "unaffected",
                     version: "6.13",
                     versionType: "original_commit_for_fix",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS:  000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <IRQ>\n  skb_over_panic net/core/skbuff.c:211 [inline]\n  skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n  send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342\n  hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n  call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n  expire_timers kernel/time/timer.c:1845 [inline]\n  __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n  __run_timer_base kernel/time/timer.c:2430 [inline]\n  __run_timer_base kernel/time/timer.c:2423 [inline]\n  run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n  run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n  handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu kernel/softirq.c:637 [inline]\n  irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n  sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n </IRQ>",
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-20T06:24:50.287Z",
            orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            shortName: "Linux",
         },
         references: [
            {
               url: "https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968",
            },
            {
               url: "https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629",
            },
         ],
         title: "net: hsr: must allocate more bytes for RedBox support",
         x_generator: {
            engine: "bippy-5f407fcff5a0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      assignerShortName: "Linux",
      cveId: "CVE-2024-56639",
      datePublished: "2024-12-27T15:02:41.549Z",
      dateReserved: "2024-12-27T15:00:39.839Z",
      dateUpdated: "2025-01-20T06:24:50.287Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted