CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

AI Score confidence: High

EPSS percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

netfilter: br_netfilter: skip conntrack input hook for promisc packets

For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets.

Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack object.

Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet has reached the input hook because it is passed up to the bridge device to reach the taps.

```
[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core
[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19
[ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1
[ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202
[ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000
[ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000
[ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003
[ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000
[ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800
[ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000
[ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0
[ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.585440] Call Trace:
[ 57.585721] <IRQ>
[ 57.585976] ? __warn+0x7d/0x130
[ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.586811] ? report_bug+0xf1/0x1c0
[ 57.587177] ? handle_bug+0x3f/0x70
[ 57.587539] ? exc_invalid_op+0x13/0x60
[ 57.587929] ? asm_exc_invalid_op+0x16/0x20
[ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.588825] nf_hook_slow+0x3d/0xd0
[ 57.589188] ? br_handle_vlan+0x4b/0x110
[ 57.589579] br_pass_frame_up+0xfc/0x150
[ 57.589970] ? br_port_flags_change+0x40/0x40
[ 57.590396] br_handle_frame_finish+0x346/0x5e0
[ 57.590837] ? ipt_do_table+0x32e/0x430
[ 57.591221] ? br_handle_local_finish+0x20/0x20
[ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]
[ 57.592286] ? br_handle_local_finish+0x20/0x20
[ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]
[ 57.593348] ? br_handle_local_finish+0x20/0x20
[ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]
[ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter]
[ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]
[ 57.595280] br_handle_frame+0x1f3/0x3d0
[ 57.595676] ? br_handle_local_finish+0x20/0x20
[ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0
[ 57.596566] __netif_receive_skb_core+0x25b/0xfc0
[ 57.597017] ? __napi_build_skb+0x37/0x40
[ 57.597418] __netif_receive_skb_list_core+0xfb/0x220
```

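
Log-detection logic for the warning quoted above, as an added example that is not part of the advisory or of the kernel patch: it groups kernel-log WARNING splats (including logs reflowed onto shared lines) and flags those raised in `br_nf_local_in` with `br_pass_frame_up` in the reliable call trace. The names `find_splats` and `matches_cve_2024_27018`, and the matching heuristic itself, are assumptions made for this example.

```python
import re

# Records start with a "[ seconds.micros]" timestamp; splitting on it also handles reflowed logs.
TS = re.compile(r"\[\s*(\d+\.\d+)\]\s*")
WARN = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+) ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
FRAME = re.compile(r"(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
KVER = re.compile(r"(\S+) #\d+")  # kernel release precedes the build number

def find_splats(text):
    """Group WARNING splats; keep only reliable (non-'?') call-trace frames."""
    splats, cur = [], None
    parts = TS.split(text)  # [prefix, ts1, msg1, ts2, msg2, ...]
    for ts, msg in zip(parts[1::2], parts[2::2]):
        msg = " ".join(msg.split())
        warn = WARN.search(msg)
        if warn:
            cur = {"time": float(ts), "where": warn.group(1), "func": warn.group(2),
                   "module": warn.group(3), "kernel": None, "trace": []}
            splats.append(cur)
        elif cur and "end trace" in msg:
            cur = None
        elif cur and msg.startswith("CPU:") and KVER.search(msg):
            cur["kernel"] = KVER.search(msg).group(1)
        elif cur:
            frame = FRAME.match(msg)
            if frame and not frame.group(1):
                cur["trace"].append(frame.group(2))
    return splats

def matches_cve_2024_27018(splat):
    """Heuristic (an assumption of this example): the warning fired in br_nf_local_in
    while the frame was passed up to the bridge device (br_pass_frame_up in trace)."""
    return (splat["func"] == "br_nf_local_in" and splat["module"] == "br_netfilter"
            and "br_pass_frame_up" in splat["trace"])

# Sample input: lines excerpted from the splat quoted on this page, then one
# constructed, unrelated warning (example_fn is made up) that must not match.
SAMPLE = """\
[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19
[ 57.588825] nf_hook_slow+0x3d/0xd0 [ 57.589188] ? br_handle_vlan+0x4b/0x110
[ 57.589579] br_pass_frame_up+0xfc/0x150
[ 57.590396] br_handle_frame_finish+0x346/0x5e0
[ 99.000001] WARNING: CPU: 0 PID: 1 at kernel/example.c:1 example_fn+0x1/0x2
"""

if __name__ == "__main__":
    for s in find_splats(SAMPLE):
        print(s["time"], s["func"], s["kernel"], matches_cve_2024_27018(s))
```

The source line number in the warning (`:616` here) varies between kernel builds, so the match keys on the function, module and call-trace frame rather than on the file position.
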
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-116.126 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1065.71 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1065.71~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1068.77 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1010.10 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1068.77~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1068.77.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < 5.15.0-1068.77~20.04.1.1 | UNKNOWN |
git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5)
git.kernel.org/stable/c/3f59ac29dea0921637053908fe99268d157bbb9d
git.kernel.org/stable/c/43193174510ea4f3ce09b796e559a2fd9f148615
git.kernel.org/stable/c/751de2012eafa4d46d8081056761fa0e9cc8a178
git.kernel.org/stable/c/b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6
git.kernel.org/stable/c/dceb683ab87ca3666a9bb5c0158528b646faedc4
launchpad.net/bugs/cve/CVE-2024-27018
nvd.nist.gov/vuln/detail/CVE-2024-27018
security-tracker.debian.org/tracker/CVE-2024-27018
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6898-1
ubuntu.com/security/notices/USN-6898-2
ubuntu.com/security/notices/USN-6898-3
ubuntu.com/security/notices/USN-6898-4
ubuntu.com/security/notices/USN-6917-1
ubuntu.com/security/notices/USN-6918-1
www.cve.org/CVERecord?id=CVE-2024-27018