cve-2024-39293
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-12-19 09:06
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "xsk: Support redirect to any socket bound to the same umem"
This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.
This patch introduced a potential kernel crash when multiple napi instances
redirect to the same AF_XDP socket. By removing the queue_index check, it is
possible for multiple napi instances to access the Rx ring at the same time,
which will result in a corrupted ring state which can lead to a crash when
flushing the rings in __xsk_flush(). This can happen when the linked list of
sockets to flush gets corrupted by concurrent accesses. A quick and small fix
is not possible, so let us revert this for now.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T20:47:03.644056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T20:47:15.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19cb40b1064566ea09538289bfcf5bc7ecb9b6f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7fcf26b315bbb728036da0862de6b335da83dff2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/xdp/xsk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"xsk: Support redirect to any socket bound to the same umem\"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:06:30.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5"
},
{
"url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2"
}
],
"title": "Revert \"xsk: Support redirect to any socket bound to the same umem\"",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39293",
"datePublished": "2024-06-25T14:22:39.550Z",
"dateReserved": "2024-06-24T13:53:25.541Z",
"dateUpdated": "2024-12-19T09:06:30.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39293\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-25T15:15:13.993\",\"lastModified\":\"2024-11-21T09:27:24.390\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRevert \\\"xsk: Support redirect to any socket bound to the same umem\\\"\\n\\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\\n\\nThis patch introduced a potential kernel crash when multiple napi instances\\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\\npossible for multiple napi instances to access the Rx ring at the same time,\\nwhich will result in a corrupted ring state which can lead to a crash when\\nflushing the rings in __xsk_flush(). This can happen when the linked list of\\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\\nis not possible, so let us revert this for now.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Revertir \\\"xsk: admite redirecci\u00f3n a cualquier socket vinculado al mismo umem\\\". Esto revierte el commit 2863d665ea41282379f108e4da6c8a2366ba66db. Este parche introdujo un posible fallo del kernel cuando varias instancias de napi se redirigen al mismo socket AF_XDP. Al eliminar la verificaci\u00f3n queue_index, es posible que varias instancias de napi accedan al anillo Rx al mismo tiempo, lo que resultar\u00e1 en un estado de anillo corrupto que puede provocar un bloqueo al vaciar los anillos en __xsk_flush(). Esto puede suceder cuando la lista vinculada de sockets para vaciar se corrompe por accesos simult\u00e1neos. No es posible una soluci\u00f3n r\u00e1pida y peque\u00f1a, as\u00ed que revirtamos esto por ahora.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.