CVE-2024-45001

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment is affected by the alloc_size passed into napi_build_skb(). The size needs to be aligned properly for better performance and atomic operations. Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic operations may panic on the skb_shinfo(skb)->dataref due to alignment fault. To fix this bug, add proper alignment to the alloc_size calculation. Sample panic info: [ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce [ 253.300900] Mem abort info: [ 253.301760] ESR = 0x0000000096000021 [ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits [ 253.304268] SET = 0, FnV = 0 [ 253.305172] EA = 0, S1PTW = 0 [ 253.306103] FSC = 0x21: alignment fault Call trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*

History

09 Oct 2024, 14:49

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc - () https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc - Patch
References () https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa - () https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa - Patch
References () https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf - () https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf - Patch
First Time Linux linux Kernel
Linux

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: Fix RX buf alloc_size adjustment and atomic op panic El búfer RX alloc_size del controlador MANA se pasa a napi_build_skb() para crear SKB. skb_shinfo(skb) se encuentra al final de skb, y su alineación se ve afectada por el alloc_size pasado a napi_build_skb(). El tamaño debe estar alineado correctamente para un mejor rendimiento y operaciones atómicas. De lo contrario, en la CPU ARM64, para ciertas configuraciones de MTU como 4000, las operaciones atómicas pueden entrar en pánico en skb_shinfo(skb)->dataref debido a un error de alineación. Para corregir este error, agregue la alineación adecuada al cálculo alloc_size. Información de pánico de muestra: [253.298819] No se puede manejar la solicitud de paginación del núcleo en la dirección virtual ffff000129ba5cce [253.300900] Información de aborto de memoria: [253.301760] ESR = 0x0000000096000021 [253.302825] EC = 0x25: DABT (EL actual), IL = 32 bits [253.304268] SET = 0, FnV = 0 [253.305172] EA = 0, S1PTW = 0 [253.306103] FSC = 0x21: error de alineación Rastreo de llamada: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 manejar_softirqs+0x12c/0x3a0

04 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 20:15

Updated : 2024-10-09 14:49


NVD link : CVE-2024-45001

Mitre link : CVE-2024-45001

CVE.ORG link : CVE-2024-45001


JSON object : View

Products Affected

linux

  • linux_kernel