CVE-2024-35982

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2024
Last modified: 05/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Avoid infinite loop trying to resize local TT

If the MTU of one of the attached interfaces becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet.

But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 bytes and 11 VLANs are on top of batman-adv. In this case, at least 116 bytes would be needed. There will just be an endless spam of

batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)

in the log but the function will never finish. The problem here is that the timeout will be halved all the time and will then stagnate at 0 and therefore never be able to reduce the table even more.

There are other scenarios possible with a similar result. The number of BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too high to fit inside a packet. Such a scenario can therefore also happen with only a single VLAN + 7 non-purgeable addresses - requiring at least 120 bytes.

While this should be handled proactively when:

* interface with too low MTU is added
* VLAN is added
* non-purgeable local mac is added
* MTU of an attached interface is reduced
* fragmentation setting gets disabled (which most likely requires dropping attached interfaces)

not all of these scenarios can be prevented because batman-adv is only consuming events without the possibility to prevent these actions (non-purgeable MAC address added, MTU of an attached interface is reduced). It is therefore necessary to also make sure that the code is able to handle the situations where an already incompatible system configuration is present.
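
The shrink loop described above, modelled as an added example (not code from the kernel or from the fix): it halves the timeout, purges older entries, and reports the point where the timeout has reached 0 and the table still cannot fit. The struct, function names and the three size constants are assumptions of this model, chosen so the totals reproduce the advisory's 116 and 120 byte figures.

```c
#include <stdio.h>

/* Sizes are assumptions of this model, picked so the totals match the
 * advisory's figures (116 and 120 bytes); they are not taken from the page. */
#define HDR_LEN   28 /* fixed header overhead */
#define VLAN_LEN   8 /* per-VLAN part */
#define ENTRY_LEN 12 /* per local TT entry */

struct tt_entry { int age; int nopurge; int alive; }; /* constructed model */

/* Bytes needed for the table; min_only counts just what purging can never remove. */
static int tt_len(const struct tt_entry *e, int n, int vlans, int min_only)
{
    int len = HDR_LEN + vlans * VLAN_LEN;
    for (int i = 0; i < n; i++)
        if (min_only ? e[i].nopurge : e[i].alive)
            len += ENTRY_LEN;
    return len;
}

/* Halve the timeout and purge until the table fits. Returns the number of
 * passes, or -1 once the timeout is 0 and the table still does not fit,
 * which is where a loop without this check would spin forever. */
static int tt_shrink(struct tt_entry *e, int n, int vlans, int mtu, int timeout)
{
    int passes = 0;
    while (tt_len(e, n, vlans, 0) > mtu) {
        timeout /= 2;
        for (int i = 0; i < n; i++)
            if (!e[i].nopurge && e[i].age >= timeout)
                e[i].alive = 0;
        passes++;
        if (timeout == 0 && tt_len(e, n, vlans, 0) > mtu)
            return -1;
    }
    return passes;
}

int main(void)
{
    struct tt_entry vl[2] = { {500, 0, 1}, {10, 0, 1} }; /* constructed entries */
    struct tt_entry np[7];
    for (int i = 0; i < 7; i++)
        np[i] = (struct tt_entry){ 0, 1, 1 };            /* 7 NOPURGE entries */
    printf("11 VLANs: min %d, shrink %d\n", tt_len(vl, 2, 11, 1), tt_shrink(vl, 2, 11, 110, 600));
    printf("1 VLAN + 7 NOPURGE: min %d, shrink %d\n", tt_len(np, 7, 1, 1), tt_shrink(np, 7, 1, 110, 600));
    return 0;
}
```

Comparing the `min_only` length against the usable space before looping is the proactive check; the `-1` return is the fallback for configurations that were already incompatible.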

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.13 (including) 4.19.313 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.275 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.216 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.156 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.87 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.28 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.7 (excluding)