CVE-2024-35889

In the Linux kernel, the following vulnerability has been resolved: idpf: fix kernel panic on unknown packet types In the very rare case where a packet type is unknown to the driver, idpf_rx_process_skb_fields would return early without calling eth_type_trans to set the skb protocol / the network layer handler. This is especially problematic if tcpdump is running when such a packet is received, i.e. it would cause a kernel panic. Instead, call eth_type_trans for every single packet, even when the packet type is unknown.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832	Patch
https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8	Patch
https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832	Patch
https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::

History

31 Dec 2024, 18:50

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832 -~~	() https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832 - Patch
References	~~() https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8 -~~	() https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8 - Patch
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::

Information

Published : 2024-05-19 09:15

Updated : 2024-12-31 18:50

NVD link : CVE-2024-35889

Mitre link : CVE-2024-35889

CVE.ORG link : CVE-2024-35889

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-35889", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-19T09:15:09.997", "references": [{"url": "https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix kernel panic on unknown packet types\n\nIn the very rare case where a packet type is unknown to the driver,\nidpf_rx_process_skb_fields would return early without calling\neth_type_trans to set the skb protocol / the network layer handler.\nThis is especially problematic if tcpdump is running when such a\npacket is received, i.e. it would cause a kernel panic.\n\nInstead, call eth_type_trans for every single packet, even when\nthe packet type is unknown."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: idpf: corrige el p\u00e1nico del kernel en tipos de paquetes desconocidos. En el caso muy raro de que el controlador desconozca un tipo de paquete, idpf_rx_process_skb_fields regresar\u00eda antes de tiempo sin llamar a eth_type_trans para configurar el protocolo skb/el manejador de capa de red. Esto es especialmente problem\u00e1tico si tcpdump se est\u00e1 ejecutando cuando se recibe dicho paquete, es decir, causar\u00eda un p\u00e1nico en el kernel. En su lugar, llame a eth_type_trans para cada paquete, incluso cuando se desconozca el tipo de paquete."}], "lastModified": "2024-12-31T18:50:40.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10", "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}