Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-35890
HistoryMay 19, 2024 - 8:34 a.m.

CVE-2024-35890 gro: fix ownership transfer

2024-05-1908:34:46
Linux
github.com
2
linux kernel
vulnerability fix
ownership transfer
packets
groed
fraglist
segmentation
skb_segment_list
destructor
socket
kernel bug
ip6_rcv_core
ipv6_list_rcv
netif_receive_skb_list_internal
napi_complete_done
gro_cell_poll
skb_gro_receive

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

gro: fix ownership transfer

If packets are GROed with fraglist they might be segmented later on and
continue their journey in the stack. In skb_segment_list those skbs can
be reused as-is. This is an issue as their destructor was removed in
skb_gro_receive_list but not the reference to their socket, and then
they can’t be orphaned. Fix this by also removing the reference to the
socket.

For example this could be observed,

kernel BUG at include/linux/skbuff.h:3131! (skb_orphan)
RIP: 0010:ip6_rcv_core+0x11bc/0x19a0
Call Trace:
ipv6_list_rcv+0x250/0x3f0
__netif_receive_skb_list_core+0x49d/0x8f0
netif_receive_skb_list_internal+0x634/0xd40
napi_complete_done+0x1d2/0x7d0
gro_cell_poll+0x118/0x1f0

A similar construction is found in skb_gro_receive, apply the same
change there.

Related

ubuntucve 1
redhatcve 1
nvd 1
osv 16
cvelist 1
debiancve 1
cve 1
redhat 11
nessus 24
almalinux 1
rocky 3
oraclelinux 1
ibm 4
ubuntu 11
openvas 12
ubuntucve
ubuntucve
CVE-2024-35890
2024-05-19 00:00:00
redhatcve
redhatcve
CVE-2024-35890
2024-05-20 12:14:49
nvd
nvd
CVE-2024-35890
2024-05-19 09:15:10
osv
osv
CVE-2024-35890
2024-05-19 09:15:00
Important: kernel-rt security and bug fix update
2024-07-08 00:00:00
Important: kernel security and bug fix update
2024-07-02 00:00:00
cvelist
cvelist
CVE-2024-35890 gro: fix ownership transfer
2024-05-19 08:34:46
debiancve
debiancve
CVE-2024-35890
2024-05-19 09:15:10
cve
cve
CVE-2024-35890
2024-05-19 09:15:10
redhat
redhat
(RHSA-2024:3306) Moderate: kernel security and bug fix update
2024-05-23 05:51:19
(RHSA-2024:4415) Important: kernel security and bug fix update
2024-07-09 08:53:07
(RHSA-2024:1881) Moderate: kernel security and bug fix update
2024-04-18 00:58:54
nessus
nessus
RHEL 8 : kernel-rt (RHSA-2024:4352)
2024-07-08 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2024:4352)
2024-07-15 00:00:00
Oracle Linux 8 : kernel (ELSA-2024-4211)
2024-07-03 00:00:00
almalinux
almalinux
Important: kernel-rt security and bug fix update
2024-07-08 00:00:00
rocky
rocky
kernel security and bug fix update
2024-07-15 12:17:38
kernel-rt security and bug fix update
2024-07-15 12:17:54
kernel security and bug fix update
2024-07-15 12:20:09
oraclelinux
oraclelinux
kernel security and bug fix update
2024-07-02 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-08-22 09:25:46
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002
2024-09-05 20:05:41
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-07-31 19:41:25
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-17 00:00:00
Linux kernel kernel vulnerabilities
2024-07-19 00:00:00
Linux kernel vulnerabilities
2024-07-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6898-2)
2024-07-18 00:00:00
Ubuntu: Security Advisory (USN-6898-4)
2024-07-24 00:00:00
Ubuntu: Security Advisory (USN-6898-1)
2024-07-16 00:00:00

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-35890
ubuntucve1redhatcve1nvd1osv16cvelist1debiancve1cve1redhat11nessus24almalinux1rocky3oraclelinux1ibm4ubuntu11openvas12