cve-2024-45030
Vulnerability from cvelistv5
Published
2024-09-11 15:14
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: cope with large MAX_SKB_FRAGS
Sabrina reports that the igb driver does not cope well with large
MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload
corruption on TX.
An easy reproducer is to run ssh to connect to the machine. With
MAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has
been reported originally in
https://bugzilla.redhat.com/show_bug.cgi?id=2265320
The root cause of the issue is that the driver does not take into
account properly the (possibly large) shared info size when selecting
the ring layout, and will try to fit two packets inside the same 4K
page even when the 1st fraglist will trump over the 2nd head.
Address the issue by checking if 2K buffers are insufficient.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45030", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-29T15:45:35.285052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-29T15:45:49.478Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/igb/igb_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8ea80ff5d8298356d28077bc30913ed37df65109", "status": "affected", "version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71", "versionType": "git" }, { "lessThan": "b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab", "status": "affected", "version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71", "versionType": "git" }, { "lessThan": "8aba27c4a5020abdf60149239198297f88338a8d", "status": "affected", "version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/igb/igb_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.48", "versionType": "semver" }, { "lessThanOrEqual": "6.10.*", "status": "unaffected", "version": "6.10.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine. With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:20:39.021Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109" }, { "url": "https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab" }, { "url": "https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d" } ], "title": "igb: cope with large MAX_SKB_FRAGS", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-45030", "datePublished": "2024-09-11T15:14:00.886Z", "dateReserved": "2024-08-21T05:34:56.685Z", "dateUpdated": "2024-12-19T09:20:39.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-45030\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-11T16:15:07.770\",\"lastModified\":\"2024-09-13T16:29:23.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nigb: cope with large MAX_SKB_FRAGS\\n\\nSabrina reports that the igb driver does not cope well with large\\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\\ncorruption on TX.\\n\\nAn easy reproducer is to run ssh to connect to the machine. With\\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has\\nbeen reported originally in\\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\\n\\nThe root cause of the issue is that the driver does not take into\\naccount properly the (possibly large) shared info size when selecting\\nthe ring layout, and will try to fit two packets inside the same 4K\\npage even when the 1st fraglist will trump over the 2nd head.\\n\\nAddress the issue by checking if 2K buffers are insufficient.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: maneja valores MAX_SKB_FRAGS grandes Sabrina informa que el controlador igb no maneja bien valores MAX_SKB_FRAG grandes: configurar MAX_SKB_FRAG en 45 causa corrupci\u00f3n de payload en TX. Un reproductor f\u00e1cil es ejecutar ssh para conectarse a la m\u00e1quina. Con MAX_SKB_FRAGS=17 funciona, con MAX_SKB_FRAGS=45 falla. Esto se inform\u00f3 originalmente en https://bugzilla.redhat.com/show_bug.cgi?id=2265320 La causa ra\u00edz del problema es que el controlador no tiene en cuenta correctamente el tama\u00f1o de informaci\u00f3n compartida (posiblemente grande) al seleccionar el dise\u00f1o de anillo, e intentar\u00e1 ajustar dos paquetes dentro de la misma p\u00e1gina de 4K incluso cuando la primera lista de fragmentos prevalecer\u00e1 sobre la segunda cabeza. Aborde el problema verificando si los b\u00faferes de 2K son insuficientes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4\",\"versionEndExcluding\":\"6.6.48\",\"matchCriteriaId\":\"EFA932A8-AACF-430D-AFBC-9A93F0749D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.7\",\"matchCriteriaId\":\"D2AFDFD1-D95A-4EB7-843B-5E7659518B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.