CVE-2024-38659
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/06/2024
Last modified:
04/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
enic: Validate length of nl attributes in enic_set_vf_port<br />
<br />
enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE<br />
is of length PORT_PROFILE_MAX and that the nl attributes<br />
IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.<br />
These attributes are validated (in the function do_setlink in rtnetlink.c)<br />
using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE<br />
as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and<br />
IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation<br />
using the policy is for the max size of the attributes and not on exact<br />
size so the length of these attributes might be less than the sizes that<br />
enic_set_vf_port expects. This might cause an out of bands<br />
read access in the memcpys of the data of these<br />
attributes in enic_set_vf_port.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.35 (including) | 4.19.316 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.278 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.219 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.161 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.33 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
- https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
- https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
- https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
- https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
- https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
- https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
- https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
- https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
- https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
- https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
- https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
- https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
- https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
- https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
- https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html