cve-2024-43878
Vulnerability from cvelistv5
Published
2024-08-21 00:06
Modified
2024-11-05 09:41
Severity ?
Summary
xfrm: Fix input error path memory access
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834
Impacted products
Vendor Product Version
Linux Linux Version: 6.10
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:05:57.570463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:17.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/xfrm/xfrm_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4c10813bc39",
              "status": "affected",
              "version": "304b44f0d5a4",
              "versionType": "git"
            },
            {
              "lessThan": "54fcc6189dfb",
              "status": "affected",
              "version": "304b44f0d5a4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/xfrm/xfrm_input.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix input error path memory access\n\nWhen there is a misconfiguration of input state slow path\nKASAN report error. Fix this error.\nwest login:\n[   52.987278] eth1: renamed from veth11\n[   53.078814] eth1: renamed from veth21\n[   53.181355] eth1: renamed from veth31\n[   54.921702] ==================================================================\n[   54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\n[   54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\n[   54.924169]\n[   54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\n[   54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   54.926401] Call Trace:\n[   54.926731]  \u003cIRQ\u003e\n[   54.927009]  dump_stack_lvl+0x2a/0x3b\n[   54.927478]  kasan_report+0x84/0xa6\n[   54.927930]  ? xfrmi_rcv_cb+0x2d/0x295\n[   54.928410]  xfrmi_rcv_cb+0x2d/0x295\n[   54.928872]  ? xfrm4_rcv_cb+0x3d/0x5e\n[   54.929354]  xfrm4_rcv_cb+0x46/0x5e\n[   54.929804]  xfrm_rcv_cb+0x7e/0xa1\n[   54.930240]  xfrm_input+0x1b3a/0x1b96\n[   54.930715]  ? xfrm_offload+0x41/0x41\n[   54.931182]  ? raw_rcv+0x292/0x292\n[   54.931617]  ? nf_conntrack_confirm+0xa2/0xa2\n[   54.932158]  ? skb_sec_path+0xd/0x3f\n[   54.932610]  ? xfrmi_input+0x90/0xce\n[   54.933066]  xfrm4_esp_rcv+0x33/0x54\n[   54.933521]  ip_protocol_deliver_rcu+0xd7/0x1b2\n[   54.934089]  ip_local_deliver_finish+0x110/0x120\n[   54.934659]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.935248]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.935767]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.936317]  ? secure_tcpv6_ts_off+0x23/0x168\n[   54.936859]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.937454]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.938135]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.938663]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.939220]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.939904]  ? ip_local_deliver_finish+0x120/0x120\n[   54.940497]  __netif_receive_skb_one_core+0xc9/0x107\n[   54.941121]  ? __netif_receive_skb_list_core+0x1c2/0x1c2\n[   54.941771]  ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\n[   54.942413]  ? blk_mq_start_stopped_hw_queue+0x38/0x38\n[   54.943044]  ? virtqueue_get_buf_ctx+0x295/0x46b\n[   54.943618]  process_backlog+0xb3/0x187\n[   54.944102]  __napi_poll.constprop.0+0x57/0x1a7\n[   54.944669]  net_rx_action+0x1cb/0x380\n[   54.945150]  ? __napi_poll.constprop.0+0x1a7/0x1a7\n[   54.945744]  ? vring_new_virtqueue+0x17a/0x17a\n[   54.946300]  ? note_interrupt+0x2cd/0x367\n[   54.946805]  handle_softirqs+0x13c/0x2c9\n[   54.947300]  do_softirq+0x5f/0x7d\n[   54.947727]  \u003c/IRQ\u003e\n[   54.948014]  \u003cTASK\u003e\n[   54.948300]  __local_bh_enable_ip+0x48/0x62\n[   54.948832]  __neigh_event_send+0x3fd/0x4ca\n[   54.949361]  neigh_resolve_output+0x1e/0x210\n[   54.949896]  ip_finish_output2+0x4bf/0x4f0\n[   54.950410]  ? __ip_finish_output+0x171/0x1b8\n[   54.950956]  ip_send_skb+0x25/0x57\n[   54.951390]  raw_sendmsg+0xf95/0x10c0\n[   54.951850]  ? check_new_pages+0x45/0x71\n[   54.952343]  ? raw_hash_sk+0x21b/0x21b\n[   54.952815]  ? kernel_init_pages+0x42/0x51\n[   54.953337]  ? prep_new_page+0x44/0x51\n[   54.953811]  ? get_page_from_freelist+0x72b/0x915\n[   54.954390]  ? signal_pending_state+0x77/0x77\n[   54.954936]  ? preempt_count_sub+0x14/0xb3\n[   54.955450]  ? __might_resched+0x8a/0x240\n[   54.955951]  ? __might_sleep+0x25/0xa0\n[   54.956424]  ? first_zones_zonelist+0x2c/0x43\n[   54.956977]  ? __rcu_read_lock+0x2d/0x3a\n[   54.957476]  ? __pte_offset_map+0x32/0xa4\n[   54.957980]  ? __might_resched+0x8a/0x240\n[   54.958483]  ? __might_sleep+0x25/0xa0\n[   54.958963]  ? inet_send_prepare+0x54/0x54\n[   54.959478]  ? sock_sendmsg_nosec+0x42/0x6c\n[   54.960000]  sock_sendmsg_nosec+0x42/0x6c\n[   54.960502]  __sys_sendto+0x15d/0x1cc\n[   54.960966]  ? __x64_sys_getpeername+0x44/0x44\n[   54.961522]  ? __handle_mm_fault+0x679/0xae4\n[   54.962068]  ? find_vma+0x6b/0x\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:41:39.997Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834"
        },
        {
          "url": "https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d"
        }
      ],
      "title": "xfrm: Fix input error path memory access",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43878",
    "datePublished": "2024-08-21T00:06:30.412Z",
    "dateReserved": "2024-08-17T09:11:59.286Z",
    "dateUpdated": "2024-11-05T09:41:39.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43878\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-21T01:15:12.093\",\"lastModified\":\"2024-08-21T12:30:33.697\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfrm: Fix input error path memory access\\n\\nWhen there is a misconfiguration of input state slow path\\nKASAN report error. Fix this error.\\nwest login:\\n[   52.987278] eth1: renamed from veth11\\n[   53.078814] eth1: renamed from veth21\\n[   53.181355] eth1: renamed from veth31\\n[   54.921702] ==================================================================\\n[   54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\\n[   54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\\n[   54.924169]\\n[   54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\\n[   54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\\n[   54.926401] Call Trace:\\n[   54.926731]  \u003cIRQ\u003e\\n[   54.927009]  dump_stack_lvl+0x2a/0x3b\\n[   54.927478]  kasan_report+0x84/0xa6\\n[   54.927930]  ? xfrmi_rcv_cb+0x2d/0x295\\n[   54.928410]  xfrmi_rcv_cb+0x2d/0x295\\n[   54.928872]  ? xfrm4_rcv_cb+0x3d/0x5e\\n[   54.929354]  xfrm4_rcv_cb+0x46/0x5e\\n[   54.929804]  xfrm_rcv_cb+0x7e/0xa1\\n[   54.930240]  xfrm_input+0x1b3a/0x1b96\\n[   54.930715]  ? xfrm_offload+0x41/0x41\\n[   54.931182]  ? raw_rcv+0x292/0x292\\n[   54.931617]  ? nf_conntrack_confirm+0xa2/0xa2\\n[   54.932158]  ? skb_sec_path+0xd/0x3f\\n[   54.932610]  ? xfrmi_input+0x90/0xce\\n[   54.933066]  xfrm4_esp_rcv+0x33/0x54\\n[   54.933521]  ip_protocol_deliver_rcu+0xd7/0x1b2\\n[   54.934089]  ip_local_deliver_finish+0x110/0x120\\n[   54.934659]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\\n[   54.935248]  NF_HOOK.constprop.0+0xf8/0x138\\n[   54.935767]  ? ip_sublist_rcv_finish+0x68/0x68\\n[   54.936317]  ? secure_tcpv6_ts_off+0x23/0x168\\n[   54.936859]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\\n[   54.937454]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\\n[   54.938135]  NF_HOOK.constprop.0+0xf8/0x138\\n[   54.938663]  ? ip_sublist_rcv_finish+0x68/0x68\\n[   54.939220]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\\n[   54.939904]  ? ip_local_deliver_finish+0x120/0x120\\n[   54.940497]  __netif_receive_skb_one_core+0xc9/0x107\\n[   54.941121]  ? __netif_receive_skb_list_core+0x1c2/0x1c2\\n[   54.941771]  ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\\n[   54.942413]  ? blk_mq_start_stopped_hw_queue+0x38/0x38\\n[   54.943044]  ? virtqueue_get_buf_ctx+0x295/0x46b\\n[   54.943618]  process_backlog+0xb3/0x187\\n[   54.944102]  __napi_poll.constprop.0+0x57/0x1a7\\n[   54.944669]  net_rx_action+0x1cb/0x380\\n[   54.945150]  ? __napi_poll.constprop.0+0x1a7/0x1a7\\n[   54.945744]  ? vring_new_virtqueue+0x17a/0x17a\\n[   54.946300]  ? note_interrupt+0x2cd/0x367\\n[   54.946805]  handle_softirqs+0x13c/0x2c9\\n[   54.947300]  do_softirq+0x5f/0x7d\\n[   54.947727]  \u003c/IRQ\u003e\\n[   54.948014]  \u003cTASK\u003e\\n[   54.948300]  __local_bh_enable_ip+0x48/0x62\\n[   54.948832]  __neigh_event_send+0x3fd/0x4ca\\n[   54.949361]  neigh_resolve_output+0x1e/0x210\\n[   54.949896]  ip_finish_output2+0x4bf/0x4f0\\n[   54.950410]  ? __ip_finish_output+0x171/0x1b8\\n[   54.950956]  ip_send_skb+0x25/0x57\\n[   54.951390]  raw_sendmsg+0xf95/0x10c0\\n[   54.951850]  ? check_new_pages+0x45/0x71\\n[   54.952343]  ? raw_hash_sk+0x21b/0x21b\\n[   54.952815]  ? kernel_init_pages+0x42/0x51\\n[   54.953337]  ? prep_new_page+0x44/0x51\\n[   54.953811]  ? get_page_from_freelist+0x72b/0x915\\n[   54.954390]  ? signal_pending_state+0x77/0x77\\n[   54.954936]  ? preempt_count_sub+0x14/0xb3\\n[   54.955450]  ? __might_resched+0x8a/0x240\\n[   54.955951]  ? __might_sleep+0x25/0xa0\\n[   54.956424]  ? first_zones_zonelist+0x2c/0x43\\n[   54.956977]  ? __rcu_read_lock+0x2d/0x3a\\n[   54.957476]  ? __pte_offset_map+0x32/0xa4\\n[   54.957980]  ? __might_resched+0x8a/0x240\\n[   54.958483]  ? __might_sleep+0x25/0xa0\\n[   54.958963]  ? inet_send_prepare+0x54/0x54\\n[   54.959478]  ? sock_sendmsg_nosec+0x42/0x6c\\n[   54.960000]  sock_sendmsg_nosec+0x42/0x6c\\n[   54.960502]  __sys_sendto+0x15d/0x1cc\\n[   54.960966]  ? __x64_sys_getpeername+0x44/0x44\\n[   54.961522]  ? __handle_mm_fault+0x679/0xae4\\n[   54.962068]  ? find_vma+0x6b/0x\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: corrige el error de acceso a la memoria de la ruta de entrada Cuando hay una mala configuraci\u00f3n del estado de entrada, la ruta lenta KASAN informa el error. Corrija este error. inicio de sesi\u00f3n oeste: [52.987278] eth1: renombrado de veth11 [53.078814] eth1: renombrado de veth21 [53.181355] eth1: renombrado de veth31 [54.921702] ===================== =============================================== [ 54.922602] ERROR : KASAN: acceso a memoria salvaje en xfrmi_rcv_cb+0x2d/0x295 [ 54.923393] Lectura de tama\u00f1o 8 en la direcci\u00f3n 6b6b6b6b00000000 mediante tarea ping/512 [ 54.924169] [ 54.924386] CPU: 0 PID: 512 Comm: ping No contaminado 6. 9.0- 08574-gcd29a4313a1b #25 [ 54.925290] Nombre de hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 [ 54.926401] Seguimiento de llamadas: [ 54.926731]  [54.927009] dump_stack_lvl+0x2a/0x3b [54.927478] kasan_report+0x84/0xa6 [54.927930]? xfrmi_rcv_cb+0x2d/0x295 [ 54.928410] xfrmi_rcv_cb+0x2d/0x295 [ 54.928872] ? xfrm4_rcv_cb+0x3d/0x5e [ 54.929354] xfrm4_rcv_cb+0x46/0x5e [ 54.929804] xfrm_rcv_cb+0x7e/0xa1 [ 54.930240] xfrm_input+0x1b3a/0x1b96 [ 54.930715] ? xfrm_offload+0x41/0x41 [54.931182]? raw_rcv+0x292/0x292 [54.931617]? nf_conntrack_confirm+0xa2/0xa2 [54.932158]? skb_sec_path+0xd/0x3f [54.932610]? xfrmi_input+0x90/0xce [ 54.933066] xfrm4_esp_rcv+0x33/0x54 [ 54.933521] ip_protocol_deliver_rcu+0xd7/0x1b2 [ 54.934089] ip_local_deliver_finish+0x110/0x120 [ 54.93 4659] ? ip_protocol_deliver_rcu+0x1b2/0x1b2 [ 54.935248] NF_HOOK.constprop.0+0xf8/0x138 [ 54.935767] ? ip_sublist_rcv_finish+0x68/0x68 [54.936317]? \u00bfsecure_tcpv6_ts_off+0x23/0x168 [54.936859]? ip_protocol_deliver_rcu+0x1b2/0x1b2 [54.937454]? __xfrm_policy_check2.constprop.0+0x18d/0x18d [ 54.938135] NF_HOOK.constprop.0+0xf8/0x138 [ 54.938663] ? ip_sublist_rcv_finish+0x68/0x68 [54.939220]? __xfrm_policy_check2.constprop.0+0x18d/0x18d [54.939904]? ip_local_deliver_finish+0x120/0x120 [ 54.940497] __netif_receive_skb_one_core+0xc9/0x107 [ 54.941121] ? __netif_receive_skb_list_core+0x1c2/0x1c2 [54.941771]? blk_mq_start_stopped_hw_queues+0xc7/0xf9 [54.942413]? blk_mq_start_stopped_hw_queue+0x38/0x38 [54.943044]? virtqueue_get_buf_ctx+0x295/0x46b [ 54.943618] Process_backlog+0xb3/0x187 [ 54.944102] __napi_poll.constprop.0+0x57/0x1a7 [ 54.944669] net_rx_action+0x1cb/0x380 [ 54.94 5150] ? __napi_poll.constprop.0+0x1a7/0x1a7 [54.945744]? vring_new_virtqueue+0x17a/0x17a [54.946300]? note_interrupt+0x2cd/0x367 [ 54.946805] handle_softirqs+0x13c/0x2c9 [ 54.947300] do_softirq+0x5f/0x7d [ 54.947727]  [ 54.948014]  [ 54.948300] _enable_ip+0x48/0x62 [ 54.948832] __neigh_event_send+0x3fd/0x4ca [ 54.949361] neigh_resolve_output+0x1e/0x210 [ 54.949896] ip_finish_output2+0x4bf/0x4f0 [ 54.950410] ? __ip_finish_output+0x171/0x1b8 [ 54.950956] ip_send_skb+0x25/0x57 [ 54.951390] raw_sendmsg+0xf95/0x10c0 [ 54.951850] ? check_new_pages+0x45/0x71 [ 54.952343] ? raw_hash_sk+0x21b/0x21b [54.952815]? kernel_init_pages+0x42/0x51 [54.953337]? prep_new_page+0x44/0x51 [54.953811]? get_page_from_freelist+0x72b/0x915 [54.954390]? signal_pending_state+0x77/0x77 [54.954936]? preempt_count_sub+0x14/0xb3 [54.955450]? __might_resched+0x8a/0x240 [ 54.955951] ? __might_sleep+0x25/0xa0 [ 54.956424] ? first_zones_zonelist+0x2c/0x43 [ 54.956977] ? __rcu_read_lock+0x2d/0x3a [ 54.957476] ? __pte_offset_map+0x32/0xa4 [54.957980]? __might_resched+0x8a/0x240 [ 54.958483] ? __might_sleep+0x25/0xa0 [ 54.958963] ? inet_send_prepare+0x54/0x54 [54.959478]? sock_sendmsg_nosec+0x42/0x6c [ 54.960000] sock_sendmsg_nosec+0x42/0x6c [ 54.960502] __sys_sendto+0x15d/0x1cc [ 54.960966] ? __x64_sys_getpeername+0x44/0x44 [ 54.961522] ? __handle_mm_fault+0x679/0xae4 [ 54.962068] ? find_vma+0x6b/0x ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.