vulnerability

Amazon Linux AMI 2: CVE-2024-26665: Security patch for kernel (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
04/02/2024
Added
05/28/2024
Modified
02/18/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

tunnels: fix out of bounds access when building IPv6 PMTU error

If the ICMPv6 error is built from a non-linear skb we get the following
splat,

BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240
Read of size 4 at addr ffff88811d402c80 by task netperf/820
CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543
...
kasan_report+0xd8/0x110
do_csum+0x220/0x240
csum_partial+0xc/0x20
skb_tunnel_check_pmtu+0xeb9/0x3280
vxlan_xmit_one+0x14c2/0x4080
vxlan_xmit+0xf61/0x5c00
dev_hard_start_xmit+0xfb/0x510
__dev_queue_xmit+0x7cd/0x32a0
br_dev_queue_push_xmit+0x39d/0x6a0

Use skb_checksum instead of csum_partial who cannot deal with non-linear
SKBs.

Solution(s)

amazon-linux-ami-2-upgrade-bpftoolamazon-linux-ami-2-upgrade-bpftool-debuginfoamazon-linux-ami-2-upgrade-kernelamazon-linux-ami-2-upgrade-kernel-debuginfoamazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64amazon-linux-ami-2-upgrade-kernel-develamazon-linux-ami-2-upgrade-kernel-headersamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-210-201-852amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-149-99-161amazon-linux-ami-2-upgrade-kernel-toolsamazon-linux-ami-2-upgrade-kernel-tools-debuginfoamazon-linux-ami-2-upgrade-kernel-tools-develamazon-linux-ami-2-upgrade-perfamazon-linux-ami-2-upgrade-perf-debuginfoamazon-linux-ami-2-upgrade-python-perfamazon-linux-ami-2-upgrade-python-perf-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today