CVE-2024-26733

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26733
In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
https://security.netapp.com/advisory/ntap-20241101-0013/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.211:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c400:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a320:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netapp:a300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a300:*:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netapp:8200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8200:*:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:netapp:a700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700:*:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:netapp:9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9000:*:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*

Configuration 29 (hide)

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
History

17 Mar 2025, 16:02

Type Values Removed Values Added
First Time Netapp a700s
Netapp h610c
Netapp h610s
Netapp 8200 Firmware
Netapp a400
Netapp fas2820
Netapp c800
Netapp fas2720
Netapp c400 Firmware
Netapp a150 Firmware
Netapp e-series Santricity Os Controller
Netapp h610c Firmware
Netapp a320
Debian
Debian debian Linux
Netapp c190 Firmware
Linux
Netapp a700 Firmware
Netapp a320 Firmware
Netapp c400
Netapp a800 Firmware
Netapp a90
Netapp a300 Firmware
Netapp a900 Firmware
Netapp fas2750 Firmware
Netapp a220 Firmware
Netapp a300
Netapp a70 Firmware
Netapp 8700
Linux linux Kernel
Netapp fas2750
Netapp a1k
Netapp a900
Netapp c190
Netapp
Netapp a800
Netapp a700s Firmware
Netapp h610s Firmware
Netapp 9500 Firmware
Netapp h615c Firmware
Netapp a400 Firmware
Netapp 8300 Firmware
Netapp a1k Firmware
Netapp 9000
Netapp fas2720 Firmware
Netapp 8200
Netapp h615c
Netapp a150
Netapp 8700 Firmware
Netapp 9000 Firmware
Netapp a220
Netapp fas2820 Firmware
Netapp 9500
Netapp a700
Netapp a70
Netapp a90 Firmware
Netapp c800 Firmware
Netapp 8300
CPE cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.211:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c400:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9000:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8200:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a320:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a300:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:netapp:a300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-787
References () https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a - () https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a - Patch
References () https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 - () https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 - Patch
References () https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 - () https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 - Patch
References () https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 - () https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 - Patch
References () https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 - () https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 - Patch
References () https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 - () https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 - Patch
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Mailing List
References () https://security.netapp.com/advisory/ntap-20241101-0013/ - () https://security.netapp.com/advisory/ntap-20241101-0013/ - Third Party Advisory

21 Nov 2024, 09:02

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
  • () https://security.netapp.com/advisory/ntap-20241101-0013/ -
References () https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a - () https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a -
References () https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 - () https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 -
References () https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 - () https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 -
References () https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 - () https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 -
References () https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 - () https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 -
References () https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 - () https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 -

05 Nov 2024, 10:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

25 Jun 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
Summary
  • (es) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: arp: Evita el desbordamiento en arp_req_get(). syzkaller informó una escritura desbordada en arp_req_get(). [0] Cuando se emite ioctl(SIOCGARP), arp_req_get() busca una entrada vecina y copia neigh-&gt;ha para estructurar arpreq.arp_ha.sa_data. El arp_ha aquí es struct sockaddr, no struct sockaddr_storage, por lo que el búfer sa_data tiene solo 14 bytes. En el siguiente símbolo, se desbordan 2 bytes al siguiente campo int, arp_flags. Inicializamos el campo justo después de memcpy(), por lo que no es un problema. Sin embargo, cuando dev-&gt;addr_len es mayor que 22 (por ejemplo, MAX_ADDR_LEN), se sobrescribe arp_netmask, que podría configurarse como htonl(0xFFFFFFFFUL) en arp_ioctl() antes de llamar a arp_req_get(). Para evitar el desbordamiento, limitemos la longitud máxima de memcpy(). Tenga en cuenta que el commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") simplemente silenció a syzkaller. [0]: memcpy: escritura detectada en todos los campos (tamaño 16) de un solo campo "r-&gt;arp_ha.sa_data" en net/ipv4/arp.c:1128 (tamaño 14) ADVERTENCIA: CPU: 0 PID: 144638 en net /ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Módulos vinculados en: CPU: 0 PID: 144638 Comm: syz-executor.4 No contaminado 6.1.74 #31 Nombre de hardware: QEMU PC estándar (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 01/04/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Código: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb &lt;0f&gt; 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 00000000000000000 RBX: ffff88803a815000 RCX: 0000000000000 000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 00000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 0000 7f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4 : 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 000000 0000000400 PKRU: 55555554 Seguimiento de llamadas: arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [en línea] __do_sys_ioctl fs/ioctl.c:870 [en línea] __se_sys_ioctl fs/ioctl.c:856 [en línea] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [en línea] do_syscall_64+0x37/0x90 arch/x86/ entrada/common.c:81 entrada_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Código: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 0000024 6 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX : 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 00000000000000003 RBP: 00007f172b2d3493 R08: 0 000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000

03 Apr 2024, 17:24

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-03 17:15

Updated : 2025-03-17 16:02

NVD link : CVE-2024-26733

Mitre link : CVE-2024-26733

CVE.ORG link : CVE-2024-26733

JSON object : View

Products Affected

netapp

  • fas2750_firmware
  • a700_firmware
  • c400
  • c190
  • a900_firmware
  • a400
  • c190_firmware
  • a300
  • a700s
  • 9500
  • a700s_firmware
  • a700
  • a90_firmware
  • fas2820_firmware
  • a90
  • a220_firmware
  • a300_firmware
  • 8200_firmware
  • c800
  • 8300
  • 8700
  • a150_firmware
  • a320_firmware
  • a800_firmware
  • 8300_firmware
  • a400_firmware
  • a1k
  • e-series_santricity_os_controller
  • 8700_firmware
  • a900
  • h615c
  • a320
  • fas2750
  • a150
  • a220
  • a1k_firmware
  • c800_firmware
  • a800
  • h610s_firmware
  • fas2720_firmware
  • 8200
  • fas2720
  • h615c_firmware
  • a70
  • fas2820
  • 9000_firmware
  • 9000
  • h610c_firmware
  • a70_firmware
  • h610s
  • c400_firmware
  • h610c
  • 9500_firmware

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write