Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-35901

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/05/2024
Last modified:
23/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: mana: Fix Rx DMA datasize and skb_over_panic<br /> <br /> mana_get_rxbuf_cfg() aligns the RX buffer&amp;#39;s DMA datasize to be<br /> multiple of 64. So a packet slightly bigger than mtu+14, say 1536,<br /> can be received and cause skb_over_panic.<br /> <br /> Sample dmesg:<br /> [ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<br /> [ 5325.243689] ------------[ cut here ]------------<br /> [ 5325.245748] kernel BUG at net/core/skbuff.c:192!<br /> [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI<br /> [ 5325.258374] RIP: 0010:skb_panic+0x4f/0x60<br /> [ 5325.302941] Call Trace:<br /> [ 5325.304389] <br /> [ 5325.315794] ? skb_panic+0x4f/0x60<br /> [ 5325.317457] ? asm_exc_invalid_op+0x1f/0x30<br /> [ 5325.319490] ? skb_panic+0x4f/0x60<br /> [ 5325.321161] skb_put+0x4e/0x50<br /> [ 5325.322670] mana_poll+0x6fa/0xb50 [mana]<br /> [ 5325.324578] __napi_poll+0x33/0x1e0<br /> [ 5325.326328] net_rx_action+0x12e/0x280<br /> <br /> As discussed internally, this alignment is not necessary. To fix<br /> this bug, remove it from the code. So oversized packets will be<br /> marked as CQE_RX_TRUNCATED by NIC, and dropped.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.6.26 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools