CVE-2024-26707

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()<br /> <br /> Syzkaller reported [1] hitting a warning after failing to allocate<br /> resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will<br /> not help much in this case, it might be prudent to switch to<br /> netdev_warn_once(). At the very least it will suppress syzkaller<br /> reports such as [1].<br /> <br /> Just in case, use netdev_warn_once() in send_prp_supervision_frame()<br /> for similar reasons.<br /> <br /> [1]<br /> HSR: Could not send supervision frame<br /> WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294<br /> RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294<br /> ...<br /> Call Trace:<br /> <br /> hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382<br /> call_timer_fn+0x193/0x590 kernel/time/timer.c:1700<br /> expire_timers kernel/time/timer.c:1751 [inline]<br /> __run_timers+0x764/0xb20 kernel/time/timer.c:2022<br /> run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035<br /> __do_softirq+0x21a/0x8de kernel/softirq.c:553<br /> invoke_softirq kernel/softirq.c:427 [inline]<br /> __irq_exit_rcu kernel/softirq.c:632 [inline]<br /> irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644<br /> sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076<br /> <br /> <br /> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649<br /> ...<br /> <br /> This issue is also found in older kernels (at least up to 5.10).