ghsa-5c9v-q6g8-w92h
Vulnerability from github
Published
2024-08-21 03:31
Modified
2024-08-21 03:31
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Fix input error path memory access

When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: [ 52.987278] eth1: renamed from veth11 [ 53.078814] eth1: renamed from veth21 [ 53.181355] eth1: renamed from veth31 [ 54.921702] ================================================================== [ 54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295 [ 54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512 [ 54.924169] [ 54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25 [ 54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 54.926401] Call Trace: [ 54.926731] [ 54.927009] dump_stack_lvl+0x2a/0x3b [ 54.927478] kasan_report+0x84/0xa6 [ 54.927930] ? xfrmi_rcv_cb+0x2d/0x295 [ 54.928410] xfrmi_rcv_cb+0x2d/0x295 [ 54.928872] ? xfrm4_rcv_cb+0x3d/0x5e [ 54.929354] xfrm4_rcv_cb+0x46/0x5e [ 54.929804] xfrm_rcv_cb+0x7e/0xa1 [ 54.930240] xfrm_input+0x1b3a/0x1b96 [ 54.930715] ? xfrm_offload+0x41/0x41 [ 54.931182] ? raw_rcv+0x292/0x292 [ 54.931617] ? nf_conntrack_confirm+0xa2/0xa2 [ 54.932158] ? skb_sec_path+0xd/0x3f [ 54.932610] ? xfrmi_input+0x90/0xce [ 54.933066] xfrm4_esp_rcv+0x33/0x54 [ 54.933521] ip_protocol_deliver_rcu+0xd7/0x1b2 [ 54.934089] ip_local_deliver_finish+0x110/0x120 [ 54.934659] ? ip_protocol_deliver_rcu+0x1b2/0x1b2 [ 54.935248] NF_HOOK.constprop.0+0xf8/0x138 [ 54.935767] ? ip_sublist_rcv_finish+0x68/0x68 [ 54.936317] ? secure_tcpv6_ts_off+0x23/0x168 [ 54.936859] ? ip_protocol_deliver_rcu+0x1b2/0x1b2 [ 54.937454] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d [ 54.938135] NF_HOOK.constprop.0+0xf8/0x138 [ 54.938663] ? ip_sublist_rcv_finish+0x68/0x68 [ 54.939220] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d [ 54.939904] ? ip_local_deliver_finish+0x120/0x120 [ 54.940497] __netif_receive_skb_one_core+0xc9/0x107 [ 54.941121] ? __netif_receive_skb_list_core+0x1c2/0x1c2 [ 54.941771] ? blk_mq_start_stopped_hw_queues+0xc7/0xf9 [ 54.942413] ? blk_mq_start_stopped_hw_queue+0x38/0x38 [ 54.943044] ? virtqueue_get_buf_ctx+0x295/0x46b [ 54.943618] process_backlog+0xb3/0x187 [ 54.944102] __napi_poll.constprop.0+0x57/0x1a7 [ 54.944669] net_rx_action+0x1cb/0x380 [ 54.945150] ? __napi_poll.constprop.0+0x1a7/0x1a7 [ 54.945744] ? vring_new_virtqueue+0x17a/0x17a [ 54.946300] ? note_interrupt+0x2cd/0x367 [ 54.946805] handle_softirqs+0x13c/0x2c9 [ 54.947300] do_softirq+0x5f/0x7d [ 54.947727] [ 54.948014] [ 54.948300] __local_bh_enable_ip+0x48/0x62 [ 54.948832] __neigh_event_send+0x3fd/0x4ca [ 54.949361] neigh_resolve_output+0x1e/0x210 [ 54.949896] ip_finish_output2+0x4bf/0x4f0 [ 54.950410] ? __ip_finish_output+0x171/0x1b8 [ 54.950956] ip_send_skb+0x25/0x57 [ 54.951390] raw_sendmsg+0xf95/0x10c0 [ 54.951850] ? check_new_pages+0x45/0x71 [ 54.952343] ? raw_hash_sk+0x21b/0x21b [ 54.952815] ? kernel_init_pages+0x42/0x51 [ 54.953337] ? prep_new_page+0x44/0x51 [ 54.953811] ? get_page_from_freelist+0x72b/0x915 [ 54.954390] ? signal_pending_state+0x77/0x77 [ 54.954936] ? preempt_count_sub+0x14/0xb3 [ 54.955450] ? __might_resched+0x8a/0x240 [ 54.955951] ? __might_sleep+0x25/0xa0 [ 54.956424] ? first_zones_zonelist+0x2c/0x43 [ 54.956977] ? __rcu_read_lock+0x2d/0x3a [ 54.957476] ? __pte_offset_map+0x32/0xa4 [ 54.957980] ? __might_resched+0x8a/0x240 [ 54.958483] ? __might_sleep+0x25/0xa0 [ 54.958963] ? inet_send_prepare+0x54/0x54 [ 54.959478] ? sock_sendmsg_nosec+0x42/0x6c [ 54.960000] sock_sendmsg_nosec+0x42/0x6c [ 54.960502] __sys_sendto+0x15d/0x1cc [ 54.960966] ? __x64_sys_getpeername+0x44/0x44 [ 54.961522] ? __handle_mm_fault+0x679/0xae4 [ 54.962068] ? find_vma+0x6b/0x ---truncated---

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-43878"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T01:15:12Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix input error path memory access\n\nWhen there is a misconfiguration of input state slow path\nKASAN report error. Fix this error.\nwest login:\n[   52.987278] eth1: renamed from veth11\n[   53.078814] eth1: renamed from veth21\n[   53.181355] eth1: renamed from veth31\n[   54.921702] ==================================================================\n[   54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\n[   54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\n[   54.924169]\n[   54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\n[   54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   54.926401] Call Trace:\n[   54.926731]  \u003cIRQ\u003e\n[   54.927009]  dump_stack_lvl+0x2a/0x3b\n[   54.927478]  kasan_report+0x84/0xa6\n[   54.927930]  ? xfrmi_rcv_cb+0x2d/0x295\n[   54.928410]  xfrmi_rcv_cb+0x2d/0x295\n[   54.928872]  ? xfrm4_rcv_cb+0x3d/0x5e\n[   54.929354]  xfrm4_rcv_cb+0x46/0x5e\n[   54.929804]  xfrm_rcv_cb+0x7e/0xa1\n[   54.930240]  xfrm_input+0x1b3a/0x1b96\n[   54.930715]  ? xfrm_offload+0x41/0x41\n[   54.931182]  ? raw_rcv+0x292/0x292\n[   54.931617]  ? nf_conntrack_confirm+0xa2/0xa2\n[   54.932158]  ? skb_sec_path+0xd/0x3f\n[   54.932610]  ? xfrmi_input+0x90/0xce\n[   54.933066]  xfrm4_esp_rcv+0x33/0x54\n[   54.933521]  ip_protocol_deliver_rcu+0xd7/0x1b2\n[   54.934089]  ip_local_deliver_finish+0x110/0x120\n[   54.934659]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.935248]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.935767]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.936317]  ? secure_tcpv6_ts_off+0x23/0x168\n[   54.936859]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.937454]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.938135]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.938663]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.939220]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.939904]  ? ip_local_deliver_finish+0x120/0x120\n[   54.940497]  __netif_receive_skb_one_core+0xc9/0x107\n[   54.941121]  ? __netif_receive_skb_list_core+0x1c2/0x1c2\n[   54.941771]  ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\n[   54.942413]  ? blk_mq_start_stopped_hw_queue+0x38/0x38\n[   54.943044]  ? virtqueue_get_buf_ctx+0x295/0x46b\n[   54.943618]  process_backlog+0xb3/0x187\n[   54.944102]  __napi_poll.constprop.0+0x57/0x1a7\n[   54.944669]  net_rx_action+0x1cb/0x380\n[   54.945150]  ? __napi_poll.constprop.0+0x1a7/0x1a7\n[   54.945744]  ? vring_new_virtqueue+0x17a/0x17a\n[   54.946300]  ? note_interrupt+0x2cd/0x367\n[   54.946805]  handle_softirqs+0x13c/0x2c9\n[   54.947300]  do_softirq+0x5f/0x7d\n[   54.947727]  \u003c/IRQ\u003e\n[   54.948014]  \u003cTASK\u003e\n[   54.948300]  __local_bh_enable_ip+0x48/0x62\n[   54.948832]  __neigh_event_send+0x3fd/0x4ca\n[   54.949361]  neigh_resolve_output+0x1e/0x210\n[   54.949896]  ip_finish_output2+0x4bf/0x4f0\n[   54.950410]  ? __ip_finish_output+0x171/0x1b8\n[   54.950956]  ip_send_skb+0x25/0x57\n[   54.951390]  raw_sendmsg+0xf95/0x10c0\n[   54.951850]  ? check_new_pages+0x45/0x71\n[   54.952343]  ? raw_hash_sk+0x21b/0x21b\n[   54.952815]  ? kernel_init_pages+0x42/0x51\n[   54.953337]  ? prep_new_page+0x44/0x51\n[   54.953811]  ? get_page_from_freelist+0x72b/0x915\n[   54.954390]  ? signal_pending_state+0x77/0x77\n[   54.954936]  ? preempt_count_sub+0x14/0xb3\n[   54.955450]  ? __might_resched+0x8a/0x240\n[   54.955951]  ? __might_sleep+0x25/0xa0\n[   54.956424]  ? first_zones_zonelist+0x2c/0x43\n[   54.956977]  ? __rcu_read_lock+0x2d/0x3a\n[   54.957476]  ? __pte_offset_map+0x32/0xa4\n[   54.957980]  ? __might_resched+0x8a/0x240\n[   54.958483]  ? __might_sleep+0x25/0xa0\n[   54.958963]  ? inet_send_prepare+0x54/0x54\n[   54.959478]  ? sock_sendmsg_nosec+0x42/0x6c\n[   54.960000]  sock_sendmsg_nosec+0x42/0x6c\n[   54.960502]  __sys_sendto+0x15d/0x1cc\n[   54.960966]  ? __x64_sys_getpeername+0x44/0x44\n[   54.961522]  ? __handle_mm_fault+0x679/0xae4\n[   54.962068]  ? find_vma+0x6b/0x\n---truncated---",
  "id": "GHSA-5c9v-q6g8-w92h",
  "modified": "2024-08-21T03:31:53Z",
  "published": "2024-08-21T03:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43878"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.