vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-26863): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	04/17/2024	07/01/2024	04/14/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

04/17/2024

Added

07/01/2024

Modified

04/14/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

hsr: Fix uninit-value access in hsr_get_node()

KMSAN reported the following uninit-value access issue [1]:

=====================================================
BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
fill_frame_info net/hsr/hsr_forward.c:577 [inline]
hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
packet_alloc_skb net/packet/af_packet.c:2936 [inline]
packet_snd net/packet/af_packet.c:3030 [inline]
packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================

If the packet type ID field in the Ethernet header is either ETH_P_PRP or
ETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()
reads an invalid value as a sequence number. This causes the above issue.

This patch fixes the issue by returning NULL if the Ethernet header is not
followed by an HSR tag.

Solution(s)

ubuntu-upgrade-linux-image-4-15-0-1134-fipsubuntu-upgrade-linux-image-4-15-0-1141-oracleubuntu-upgrade-linux-image-4-15-0-1162-kvmubuntu-upgrade-linux-image-4-15-0-1172-gcpubuntu-upgrade-linux-image-4-15-0-1179-awsubuntu-upgrade-linux-image-4-15-0-1187-azureubuntu-upgrade-linux-image-4-15-0-2080-gcp-fipsubuntu-upgrade-linux-image-4-15-0-2096-azure-fipsubuntu-upgrade-linux-image-4-15-0-2117-aws-fipsubuntu-upgrade-linux-image-4-15-0-236-genericubuntu-upgrade-linux-image-4-15-0-236-lowlatencyubuntu-upgrade-linux-image-4-4-0-1112-fipsubuntu-upgrade-linux-image-4-4-0-1142-awsubuntu-upgrade-linux-image-4-4-0-1143-kvmubuntu-upgrade-linux-image-4-4-0-1180-awsubuntu-upgrade-linux-image-4-4-0-267-genericubuntu-upgrade-linux-image-4-4-0-267-lowlatencyubuntu-upgrade-linux-image-5-15-0-1030-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1046-gkeopubuntu-upgrade-linux-image-5-15-0-1056-ibmubuntu-upgrade-linux-image-5-15-0-1057-ibmubuntu-upgrade-linux-image-5-15-0-1058-intel-iotgubuntu-upgrade-linux-image-5-15-0-1058-nvidiaubuntu-upgrade-linux-image-5-15-0-1058-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1058-raspiubuntu-upgrade-linux-image-5-15-0-1060-gkeubuntu-upgrade-linux-image-5-15-0-1060-kvmubuntu-upgrade-linux-image-5-15-0-1061-oracleubuntu-upgrade-linux-image-5-15-0-1062-gcpubuntu-upgrade-linux-image-5-15-0-1063-awsubuntu-upgrade-linux-image-5-15-0-1065-azure-fdeubuntu-upgrade-linux-image-5-15-0-1066-azureubuntu-upgrade-linux-image-5-15-0-110-lowlatencyubuntu-upgrade-linux-image-5-15-0-110-lowlatency-64kubuntu-upgrade-linux-image-5-15-0-112-genericubuntu-upgrade-linux-image-5-15-0-112-generic-64kubuntu-upgrade-linux-image-5-15-0-112-generic-lpaeubuntu-upgrade-linux-image-5-15-0-113-genericubuntu-upgrade-linux-image-5-15-0-113-generic-64kubuntu-upgrade-linux-image-5-15-0-113-generic-lpaeubuntu-upgrade-linux-image-5-4-0-1040-iotubuntu-upgrade-linux-image-5-4-0-1047-xilinx-zynqmpubuntu-upgrade-linux-image-5-4-0-1075-ibmubuntu-upgrade-linux-image-5-4-0-1088-bluefieldubuntu-upgrade-linux-image-5-4-0-1095-gkeopubuntu-upgrade-linux-image-5-4-0-1112-raspiubuntu-upgrade-linux-image-5-4-0-1116-kvmubuntu-upgrade-linux-image-5-4-0-1127-oracleubuntu-upgrade-linux-image-5-4-0-1128-awsubuntu-upgrade-linux-image-5-4-0-1132-gcpubuntu-upgrade-linux-image-5-4-0-1133-azureubuntu-upgrade-linux-image-5-4-0-189-genericubuntu-upgrade-linux-image-5-4-0-189-generic-lpaeubuntu-upgrade-linux-image-5-4-0-189-lowlatencyubuntu-upgrade-linux-image-6-8-0-1004-gkeubuntu-upgrade-linux-image-6-8-0-1005-raspiubuntu-upgrade-linux-image-6-8-0-1006-ibmubuntu-upgrade-linux-image-6-8-0-1006-oemubuntu-upgrade-linux-image-6-8-0-1006-oracleubuntu-upgrade-linux-image-6-8-0-1006-oracle-64kubuntu-upgrade-linux-image-6-8-0-1008-azureubuntu-upgrade-linux-image-6-8-0-1008-azure-fdeubuntu-upgrade-linux-image-6-8-0-1008-gcpubuntu-upgrade-linux-image-6-8-0-1009-awsubuntu-upgrade-linux-image-6-8-0-35-genericubuntu-upgrade-linux-image-6-8-0-35-generic-64kubuntu-upgrade-linux-image-6-8-0-35-lowlatencyubuntu-upgrade-linux-image-6-8-0-35-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-fipsubuntu-upgrade-linux-image-aws-hweubuntu-upgrade-linux-image-aws-lts-18-04ubuntu-upgrade-linux-image-aws-lts-20-04ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-22-04ubuntu-upgrade-linux-image-azure-fipsubuntu-upgrade-linux-image-azure-lts-18-04ubuntu-upgrade-linux-image-azure-lts-20-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-bluefieldubuntu-upgrade-linux-image-fipsubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-fipsubuntu-upgrade-linux-image-gcp-lts-18-04ubuntu-upgrade-linux-image-gcp-lts-20-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-16-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-generic-lts-xenialubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-5-4ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-20-04ubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-16-04ubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-lts-xenialubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-lts-18-04ubuntu-upgrade-linux-image-oracle-lts-20-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-hwe-18-04ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-16-04ubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-virtual-lts-xenialubuntu-upgrade-linux-image-xilinx-zynqmp

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today

Ubuntu: (Multiple Advisories) (CVE-2024-26863): Linux kernel vulnerabilities

Description

Solution(s)

References

Explore Exposure Command