Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-43878

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
21/08/2024
Last modified:
26/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: Fix input error path memory access<br /> <br /> When there is a misconfiguration of input state slow path<br /> KASAN report error. Fix this error.<br /> west login:<br /> [ 52.987278] eth1: renamed from veth11<br /> [ 53.078814] eth1: renamed from veth21<br /> [ 53.181355] eth1: renamed from veth31<br /> [ 54.921702] ==================================================================<br /> [ 54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295<br /> [ 54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512<br /> [ 54.924169]<br /> [ 54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25<br /> [ 54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 54.926401] Call Trace:<br /> [ 54.926731] <br /> [ 54.927009] dump_stack_lvl+0x2a/0x3b<br /> [ 54.927478] kasan_report+0x84/0xa6<br /> [ 54.927930] ? xfrmi_rcv_cb+0x2d/0x295<br /> [ 54.928410] xfrmi_rcv_cb+0x2d/0x295<br /> [ 54.928872] ? xfrm4_rcv_cb+0x3d/0x5e<br /> [ 54.929354] xfrm4_rcv_cb+0x46/0x5e<br /> [ 54.929804] xfrm_rcv_cb+0x7e/0xa1<br /> [ 54.930240] xfrm_input+0x1b3a/0x1b96<br /> [ 54.930715] ? xfrm_offload+0x41/0x41<br /> [ 54.931182] ? raw_rcv+0x292/0x292<br /> [ 54.931617] ? nf_conntrack_confirm+0xa2/0xa2<br /> [ 54.932158] ? skb_sec_path+0xd/0x3f<br /> [ 54.932610] ? xfrmi_input+0x90/0xce<br /> [ 54.933066] xfrm4_esp_rcv+0x33/0x54<br /> [ 54.933521] ip_protocol_deliver_rcu+0xd7/0x1b2<br /> [ 54.934089] ip_local_deliver_finish+0x110/0x120<br /> [ 54.934659] ? ip_protocol_deliver_rcu+0x1b2/0x1b2<br /> [ 54.935248] NF_HOOK.constprop.0+0xf8/0x138<br /> [ 54.935767] ? ip_sublist_rcv_finish+0x68/0x68<br /> [ 54.936317] ? secure_tcpv6_ts_off+0x23/0x168<br /> [ 54.936859] ? ip_protocol_deliver_rcu+0x1b2/0x1b2<br /> [ 54.937454] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d<br /> [ 54.938135] NF_HOOK.constprop.0+0xf8/0x138<br /> [ 54.938663] ? ip_sublist_rcv_finish+0x68/0x68<br /> [ 54.939220] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d<br /> [ 54.939904] ? ip_local_deliver_finish+0x120/0x120<br /> [ 54.940497] __netif_receive_skb_one_core+0xc9/0x107<br /> [ 54.941121] ? __netif_receive_skb_list_core+0x1c2/0x1c2<br /> [ 54.941771] ? blk_mq_start_stopped_hw_queues+0xc7/0xf9<br /> [ 54.942413] ? blk_mq_start_stopped_hw_queue+0x38/0x38<br /> [ 54.943044] ? virtqueue_get_buf_ctx+0x295/0x46b<br /> [ 54.943618] process_backlog+0xb3/0x187<br /> [ 54.944102] __napi_poll.constprop.0+0x57/0x1a7<br /> [ 54.944669] net_rx_action+0x1cb/0x380<br /> [ 54.945150] ? __napi_poll.constprop.0+0x1a7/0x1a7<br /> [ 54.945744] ? vring_new_virtqueue+0x17a/0x17a<br /> [ 54.946300] ? note_interrupt+0x2cd/0x367<br /> [ 54.946805] handle_softirqs+0x13c/0x2c9<br /> [ 54.947300] do_softirq+0x5f/0x7d<br /> [ 54.947727] <br /> [ 54.948014] <br /> [ 54.948300] __local_bh_enable_ip+0x48/0x62<br /> [ 54.948832] __neigh_event_send+0x3fd/0x4ca<br /> [ 54.949361] neigh_resolve_output+0x1e/0x210<br /> [ 54.949896] ip_finish_output2+0x4bf/0x4f0<br /> [ 54.950410] ? __ip_finish_output+0x171/0x1b8<br /> [ 54.950956] ip_send_skb+0x25/0x57<br /> [ 54.951390] raw_sendmsg+0xf95/0x10c0<br /> [ 54.951850] ? check_new_pages+0x45/0x71<br /> [ 54.952343] ? raw_hash_sk+0x21b/0x21b<br /> [ 54.952815] ? kernel_init_pages+0x42/0x51<br /> [ 54.953337] ? prep_new_page+0x44/0x51<br /> [ 54.953811] ? get_page_from_freelist+0x72b/0x915<br /> [ 54.954390] ? signal_pending_state+0x77/0x77<br /> [ 54.954936] ? preempt_count_sub+0x14/0xb3<br /> [ 54.955450] ? __might_resched+0x8a/0x240<br /> [ 54.955951] ? __might_sleep+0x25/0xa0<br /> [ 54.956424] ? first_zones_zonelist+0x2c/0x43<br /> [ 54.956977] ? __rcu_read_lock+0x2d/0x3a<br /> [ 54.957476] ? __pte_offset_map+0x32/0xa4<br /> [ 54.957980] ? __might_resched+0x8a/0x240<br /> [ 54.958483] ? __might_sleep+0x25/0xa0<br /> [ 54.958963] ? inet_send_prepare+0x54/0x54<br /> [ 54.959478] ? sock_sendmsg_nosec+0x42/0x6c<br /> [ 54.960000] sock_sendmsg_nosec+0x42/0x6c<br /> [ 54.960502] __sys_sendto+0x15d/0x1cc<br /> [ 54.960966] ? __x64_sys_getpeername+0x44/0x44<br /> [ 54.961522] ? __handle_mm_fault+0x679/0xae4<br /> [ 54.962068] ? find_vma+0x6b/0x<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.10 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): High

Base Score 3.x
7.10
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.10 (including) 6.10.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools