vulnerability

Huawei EulerOS: CVE-2024-26851: kernel security update

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
04/17/2024
Added
07/16/2024
Modified
02/18/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: Add protection for bmp length out of range

UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.

vmlinux get_bitmap(b=75) + 712

vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956

vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216

vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812

vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216

vmlinux DecodeRasMessage() + 304

vmlinux ras_help() + 684

vmlinux nf_confirm() + 188


Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.

Solution(s)

huawei-euleros-2_0_sp10-upgrade-kernelhuawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelistshuawei-euleros-2_0_sp10-upgrade-kernel-toolshuawei-euleros-2_0_sp10-upgrade-kernel-tools-libshuawei-euleros-2_0_sp10-upgrade-python3-perf
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.