CVE-2024-26861

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wireguard: receive: annotate data-race around receiving_counter.counter<br /> <br /> Syzkaller with KCSAN identified a data-race issue when accessing<br /> keypair-&gt;receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()<br /> annotations to mark the data race as intentional.<br /> <br /> BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll<br /> <br /> write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:<br /> counter_validate drivers/net/wireguard/receive.c:321 [inline]<br /> wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461<br /> __napi_poll+0x60/0x3b0 net/core/dev.c:6536<br /> napi_poll net/core/dev.c:6605 [inline]<br /> net_rx_action+0x32b/0x750 net/core/dev.c:6738<br /> __do_softirq+0xc4/0x279 kernel/softirq.c:553<br /> do_softirq+0x5e/0x90 kernel/softirq.c:454<br /> __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381<br /> __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]<br /> _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210<br /> spin_unlock_bh include/linux/spinlock.h:396 [inline]<br /> ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]<br /> wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499<br /> process_one_work kernel/workqueue.c:2633 [inline]<br /> ...<br /> <br /> read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:<br /> decrypt_packet drivers/net/wireguard/receive.c:252 [inline]<br /> wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501<br /> process_one_work kernel/workqueue.c:2633 [inline]<br /> process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706<br /> worker_thread+0x525/0x730 kernel/workqueue.c:2787<br /> ...