CVE-2024-45001

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: mana: Fix RX buf alloc_size alignment and atomic op panic<br /> <br /> The MANA driver&amp;#39;s RX buffer alloc_size is passed into napi_build_skb() to<br /> create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment<br /> is affected by the alloc_size passed into napi_build_skb(). The size needs<br /> to be aligned properly for better performance and atomic operations.<br /> Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic<br /> operations may panic on the skb_shinfo(skb)-&gt;dataref due to alignment fault.<br /> <br /> To fix this bug, add proper alignment to the alloc_size calculation.<br /> <br /> Sample panic info:<br /> [ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce<br /> [ 253.300900] Mem abort info:<br /> [ 253.301760] ESR = 0x0000000096000021<br /> [ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 253.304268] SET = 0, FnV = 0<br /> [ 253.305172] EA = 0, S1PTW = 0<br /> [ 253.306103] FSC = 0x21: alignment fault<br /> Call trace:<br /> __skb_clone+0xfc/0x198<br /> skb_clone+0x78/0xe0<br /> raw6_local_deliver+0xfc/0x228<br /> ip6_protocol_deliver_rcu+0x80/0x500<br /> ip6_input_finish+0x48/0x80<br /> ip6_input+0x48/0xc0<br /> ip6_sublist_rcv_finish+0x50/0x78<br /> ip6_sublist_rcv+0x1cc/0x2b8<br /> ipv6_list_rcv+0x100/0x150<br /> __netif_receive_skb_list_core+0x180/0x220<br /> netif_receive_skb_list_internal+0x198/0x2a8<br /> __napi_poll+0x138/0x250<br /> net_rx_action+0x148/0x330<br /> handle_softirqs+0x12c/0x3a0