In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K syzbot triggered a warning [1] in
__alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed
a similar issue in commit c0a2a1b0d631 (“ppp: limit MRU to 64K”) Adopt the
same sanity check for ppp_async_ioctl(PPPIOCSMRU) [1]: WARNING: CPU: 1 PID:
11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in: CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted
6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Hardware name: Google Google Compute
Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue:
events_unbound flush_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO
-DIT -SSBS BTYPE=–) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr
: __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537 sp : ffff800093967580 x29:
ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000 x26:
ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0 x23:
0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20:
ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120 x17:
ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005 x14:
1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11:
ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001 x8 :
ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f x5 :
00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020 x2 :
0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0 Call trace:
__alloc_pages+0x308/0x698 mm/page_alloc.c:4543 __alloc_pages_node
include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261
[inline] __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node
mm/slub.c:3969 [inline] __kmalloc_node_track_caller+0x418/0x620
mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0xb8/0x3e8
net/core/skbuff.c:715 netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
dev_alloc_skb include/linux/skbuff.h:3248 [inline] ppp_async_input
drivers/net/ppp/ppp_async.c:863 [inline] ppp_asynctty_receive+0x588/0x186c
drivers/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c
drivers/tty/tty_buffer.c:390 tty_port_default_receive_buf+0x74/0xac
drivers/tty/tty_port.c:37 receive_buf drivers/tty/tty_buffer.c:444 [inline]
flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
process_one_work+0x694/0x1204 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310
kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-181.201 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-106.116 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1124.134 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1061.67 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1061.67~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1124.134~18.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1129.136 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1063.72 | UNKNOWN |
git.kernel.org/linus/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (6.8-rc4)
git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16
git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982
git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3
git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719
git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b
git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8
launchpad.net/bugs/cve/CVE-2024-26675
nvd.nist.gov/vuln/detail/CVE-2024-26675
security-tracker.debian.org/tracker/CVE-2024-26675
ubuntu.com/security/notices/USN-6766-1
ubuntu.com/security/notices/USN-6766-2
ubuntu.com/security/notices/USN-6766-3
ubuntu.com/security/notices/USN-6767-1
ubuntu.com/security/notices/USN-6767-2
ubuntu.com/security/notices/USN-6795-1
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
www.cve.org/CVERecord?id=CVE-2024-26675