CVE-2024-42083

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 29/07/2024
Last modified: 30/07/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

ionic: fix kernel panic due to multi-buffer handling

Currently, the ionic_run_xdp() doesn't handle multi-buffer packets
properly for XDP_TX and XDP_REDIRECT.
When a jumbo frame is received, the ionic_run_xdp() first makes xdp
frame with all necessary pages in the rx descriptor.
And if the action is either XDP_TX or XDP_REDIRECT, it should unmap
dma-mapping and reset page pointer to NULL for all pages, not only the
first page.
But it doesn't for SG pages. So, SG pages unexpectedly will be reused.
It eventually causes kernel panic.

Oops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25
RIP: 0010:xdp_return_frame+0x42/0x90
Code: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd 80 7d0
RSP: 0018:ffff99d00122ce08 EFLAGS: 00010202
RAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001
RDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49
RBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000
R10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010
R13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0
FS: 0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
? die_addr+0x33/0x90
? exc_general_protection+0x251/0x2f0
? asm_exc_general_protection+0x22/0x30
? xdp_return_frame+0x42/0x90
ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
__napi_poll.constprop.0+0x29/0x1b0
net_rx_action+0x2c4/0x350
handle_softirqs+0xf4/0x320
irq_exit_rcu+0x78/0xa0
common_interrupt+0x77/0x90
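
The ownership error described above, as an added userspace model that is not the ionic driver's code: it counts how many pages the RX side still references after a multi-buffer frame has been handed off. All names here (`rx_buf`, `frame`, `handoff_buggy`, `handoff_fixed`, `stale_pages`) are hypothetical, and static arrays stand in for pages.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BUFS 4

/* Hypothetical model of one RX buffer slot (not the ionic struct). */
struct rx_buf { void *page; bool dma_mapped; };

/* Frame built from the slots; after XDP_TX/XDP_REDIRECT it owns the pages. */
struct frame { void *pages[MAX_BUFS]; size_t nr; };

/* Give up the RX side's claim on a slot: drop the mapping, forget the page. */
static void release_slot(struct rx_buf *b)
{
    b->dma_mapped = false;
    b->page = NULL;
}

/* Behaviour the description reports: only the first page is released. */
static void handoff_buggy(struct rx_buf *bufs, size_t nr)
{
    (void)nr;
    release_slot(&bufs[0]);
}

/* Behaviour the description asks for: every page, SG pages included. */
static void handoff_fixed(struct rx_buf *bufs, size_t nr)
{
    for (size_t i = 0; i < nr; i++)
        release_slot(&bufs[i]);
}

/* Pages the RX side would reuse although the handed-off frame owns them. */
size_t stale_pages(bool fixed, size_t nr)
{
    static char pool[MAX_BUFS][64];          /* constructed stand-in pages */
    struct rx_buf bufs[MAX_BUFS];
    struct frame f = { .nr = nr };
    size_t stale = 0;
    if (nr == 0 || nr > MAX_BUFS) return 0;
    for (size_t i = 0; i < nr; i++) { bufs[i] = (struct rx_buf){ pool[i], true }; f.pages[i] = pool[i]; }
    (fixed ? handoff_fixed : handoff_buggy)(bufs, nr);
    for (size_t i = 0; i < f.nr; i++)
        if (bufs[i].page != NULL && bufs[i].page == f.pages[i]) stale++;
    return stale;
}

int main(void) { printf("buggy=%zu fixed=%zu\n", stale_pages(false, 3), stale_pages(true, 3)); return 0; }
```

A single-buffer frame shows no stale pages in either variant, which is why the fault only appears with multi-buffer (jumbo) frames.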

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | - | 6.9 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9.1 (including) | 6.9.8 (excluding)