Lucene search

LinuxCVE-2024-40996

HistoryJul 12, 2024 - 1:15 p.m.

CVE-2024-40996

2024-07-1213:15:20

Linux

web.nvd.nist.gov

linux kernel

vulnerability

resolved

bpf

integer overflows

pskb_may_pull

warning

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid splat in pskb_pull_reason

syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug
hint in pskb_may_pull.

We’d like to retain this debug check because it might hint at integer
overflows and other issues (kernel code should pull headers, not huge
value).

In bpf case, this splat isn’t interesting at all: such (nonsensical)
bpf programs are typically generated by a fuzzer anyway.

Do what Eric suggested and suppress such warning.

For CONFIG_DEBUG_NET=n we don’t need the extra check because
pskb_may_pull will do the right thing: return an error without the
WARN() backtrace.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange6.1.86–6.1.96

linuxlinux_kernelRange6.6.27–6.6.36

linuxlinux_kernelRange6.9–6.9.7

linuxlinux_kernelMatch6.10rc1

linuxlinux_kernelMatch6.10rc2

linuxlinux_kernelMatch6.10rc3

linuxlinux_kernelMatch6.10rc4

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/core/filter.c"
    ],
    "versions": [
      {
        "version": "8af60bb2b215",
        "lessThan": "dacc15e9cb24",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1b2b26595bb0",
        "lessThan": "7f9644782c55",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "219eee9c0d16",
        "lessThan": "5e90258303a3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "219eee9c0d16",
        "lessThan": "2bbe3e5a2f4e",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/core/filter.c"
    ],
    "versions": [
      {
        "version": "6.9",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.9",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.96",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.36",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.7",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]