CVE-2024-27013

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e #3 [fffffe00003fced0] do_nmi at ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in at ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 #10 [ffffa65531497ac8] console_unlock at ffffffff89316124 #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 #12 [ffffa65531497b68] printk at ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread at ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f

References

Link	Resource
https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421	Patch
https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad	Patch
https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3	Patch
https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa	Patch
https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713	Patch
https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588	Patch
https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb	Patch
https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540	Patch
https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421	Patch
https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad	Patch
https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3	Patch
https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa	Patch
https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713	Patch
https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588	Patch
https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb	Patch
https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

21 Nov 2024, 09:03

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
References	~~() https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421 - Patch~~	() https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421 - Patch
References	~~() https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad - Patch~~	() https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad - Patch
References	~~() https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3 - Patch~~	() https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3 - Patch
References	~~() https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa - Patch~~	() https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa - Patch
References	~~() https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713 - Patch~~	() https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713 - Patch
References	~~() https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588 - Patch~~	() https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588 - Patch
References	~~() https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb - Patch~~	() https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb - Patch
References	~~() https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540 - Patch~~	() https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540 - Patch

05 Nov 2024, 10:16

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

27 Jun 2024, 12:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

25 Jun 2024, 23:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -

23 May 2024, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421 -~~	() https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421 - Patch
References	~~() https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad -~~	() https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad - Patch
References	~~() https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3 -~~	() https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3 - Patch
References	~~() https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa -~~	() https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa - Patch
References	~~() https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713 -~~	() https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713 - Patch
References	~~() https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588 -~~	() https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588 - Patch
References	~~() https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb -~~	() https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb - Patch
References	~~() https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540 -~~	() https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:fedoraproject:fedora:40:::::::*
CWE		CWE-770
First Time		Fedoraproject Fedoraproject fedora Linux linux Kernel Linux

03 May 2024, 06:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~	() https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421 - () https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3 - () https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588 -

03 May 2024, 03:16

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tun: limita la velocidad de impresión cuando el paquete ilegal recibido por tun dev vhost_worker llamará a tun para recibir paquetes. Si llegan demasiados paquetes ilegales, tun_do_read seguirá descargando el contenido de los paquetes. Cuando la consola está habilitada, le costará mucho más tiempo a la CPU volcar el paquete y se detectará un bloqueo suave. El mecanismo net_ratelimit se puede utilizar para limitar la tasa de dumping. PID: 33036 TAREA: ffff949da6f20000 CPU: 23 COMANDO: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback en ffffffff89249253 #1 [fffffe00003fce58] nmi_handle en ffffffff89225fa3 #2 00003fceb0] default_do_nmi en ffffffff8922642e #3 [fffffe00003fced0] do_nmi en ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi en ffffffff89c01663 [excepción RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 00000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 00000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in en ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr en ffffffff89793470 #7 [ffffa65531497a08] console_putchar en ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write en ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write en ffffffff89796558 #10 [ffffa65531497ac8] console_unlock en ffffffff8 9316124 #11 [ffffa65531497b10] vprintk_emit en ffffffff89317c07 #12 [ffffa65531497b68] printk en ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump en ffffffff89650765 # 14 [ffffa65531497ca8] tun_do_read en ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg en ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx en ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker en ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread en ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork en ffffffff89c0022f

01 May 2024, 06:15

Type	Values Removed	Values Added
New CVE

5.5^/10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED