CVE-2024-40996

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value). In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway. Do what Eric suggested and suppress such warning. For CONFIG_DEBUG_NET=n we don't need the extra check because pskb_may_pull will do the right thing: return an error without the WARN() backtrace.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080	Patch
https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a	Patch
https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866	Patch
https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761	Patch
https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080	Patch
https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a	Patch
https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866	Patch
https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::

History

No history.

Information

Published : 2024-07-12 13:15

Updated : 2024-11-21 09:32

NVD link : CVE-2024-40996

Mitre link : CVE-2024-40996

CVE.ORG link : CVE-2024-40996

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-40996", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-12T13:15:20.740", "references": [{"url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid splat in pskb_pull_reason\n\nsyzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug\nhint in pskb_may_pull.\n\nWe'd like to retain this debug check because it might hint at integer\noverflows and other issues (kernel code should pull headers, not huge\nvalue).\n\nIn bpf case, this splat isn't interesting at all: such (nonsensical)\nbpf programs are typically generated by a fuzzer anyway.\n\nDo what Eric suggested and suppress such warning.\n\nFor CONFIG_DEBUG_NET=n we don't need the extra check because\npskb_may_pull will do the right thing: return an error without the\nWARN() backtrace."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: evitar splat en pskb_pull_reason compilaciones de syzkaller (CONFIG_DEBUG_NET=y) frecuentemente activa una sugerencia de depuraci\u00f3n en pskb_may_pull. Nos gustar\u00eda conservar esta verificaci\u00f3n de depuraci\u00f3n porque podr\u00eda indicar desbordamientos de enteros y otros problemas (el c\u00f3digo del kernel debe extraer encabezados, no valores enormes). En el caso de bpf, este s\u00edmbolo no es nada interesante: estos programas bpf (sin sentido) normalmente son generados por un fuzzer de todos modos. Haga lo que Eric sugiri\u00f3 y suprima esa advertencia. Para CONFIG_DEBUG_NET=n no necesitamos la verificaci\u00f3n adicional porque pskb_may_pull har\u00e1 lo correcto: devolver un error sin el rastreo WARN()."}], "lastModified": "2024-11-21T09:32:01.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57BC82B2-9518-4E49-8B35-1E0659D07153", "versionEndExcluding": "6.1.96", "versionStartIncluding": "6.1.86"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11D787AB-6330-424C-8EDA-145219D31344", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.6.27"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1833E4E3-20C1-46FE-BE78-1FA23B2452C0", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}