Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-42106): Linux kernel vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-42106): Linux kernel vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/30/2024
Created
09/14/2024
Added
09/13/2024
Modified
10/02/2024

Description

In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup() accesses the sdiag_raw_protocol field. Fix this by initializing the pad field in inet_diag_get_exact_compat(). Also, do the same fix in inet_diag_dump_compat() to avoid the similar issue in the future. [1] BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline] BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_lookup net/ipv4/raw_diag.c:49 [inline] raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable req.i created at: inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline] inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014

Solution(s)

  • ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp
  • ubuntu-upgrade-linux-image-5-15-0-1052-gkeop
  • ubuntu-upgrade-linux-image-5-15-0-1062-ibm
  • ubuntu-upgrade-linux-image-5-15-0-1062-raspi
  • ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg
  • ubuntu-upgrade-linux-image-5-15-0-1064-nvidia
  • ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-5-15-0-1066-gke
  • ubuntu-upgrade-linux-image-5-15-0-1066-kvm
  • ubuntu-upgrade-linux-image-5-15-0-1067-oracle
  • ubuntu-upgrade-linux-image-5-15-0-1068-gcp
  • ubuntu-upgrade-linux-image-5-15-0-1069-aws
  • ubuntu-upgrade-linux-image-5-15-0-1072-azure
  • ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde
  • ubuntu-upgrade-linux-image-5-15-0-121-generic
  • ubuntu-upgrade-linux-image-5-15-0-121-generic-64k
  • ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae
  • ubuntu-upgrade-linux-image-5-15-0-121-lowlatency
  • ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k
  • ubuntu-upgrade-linux-image-5-4-0-1043-iot
  • ubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmp
  • ubuntu-upgrade-linux-image-5-4-0-1079-ibm
  • ubuntu-upgrade-linux-image-5-4-0-1092-bluefield
  • ubuntu-upgrade-linux-image-5-4-0-1099-gkeop
  • ubuntu-upgrade-linux-image-5-4-0-1116-raspi
  • ubuntu-upgrade-linux-image-5-4-0-1120-kvm
  • ubuntu-upgrade-linux-image-5-4-0-1131-oracle
  • ubuntu-upgrade-linux-image-5-4-0-1132-aws
  • ubuntu-upgrade-linux-image-5-4-0-1136-gcp
  • ubuntu-upgrade-linux-image-5-4-0-1137-azure
  • ubuntu-upgrade-linux-image-5-4-0-195-generic
  • ubuntu-upgrade-linux-image-5-4-0-195-generic-lpae
  • ubuntu-upgrade-linux-image-5-4-0-195-lowlatency
  • ubuntu-upgrade-linux-image-aws
  • ubuntu-upgrade-linux-image-aws-lts-20-04
  • ubuntu-upgrade-linux-image-aws-lts-22-04
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-azure-cvm
  • ubuntu-upgrade-linux-image-azure-fde
  • ubuntu-upgrade-linux-image-azure-fde-lts-22-04
  • ubuntu-upgrade-linux-image-azure-lts-20-04
  • ubuntu-upgrade-linux-image-azure-lts-22-04
  • ubuntu-upgrade-linux-image-bluefield
  • ubuntu-upgrade-linux-image-gcp
  • ubuntu-upgrade-linux-image-gcp-lts-20-04
  • ubuntu-upgrade-linux-image-gcp-lts-22-04
  • ubuntu-upgrade-linux-image-generic
  • ubuntu-upgrade-linux-image-generic-64k
  • ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-hwe-18-04
  • ubuntu-upgrade-linux-image-generic-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-lpae
  • ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
  • ubuntu-upgrade-linux-image-gke
  • ubuntu-upgrade-linux-image-gke-5-15
  • ubuntu-upgrade-linux-image-gkeop
  • ubuntu-upgrade-linux-image-gkeop-5-15
  • ubuntu-upgrade-linux-image-gkeop-5-4
  • ubuntu-upgrade-linux-image-ibm
  • ubuntu-upgrade-linux-image-ibm-lts-20-04
  • ubuntu-upgrade-linux-image-intel
  • ubuntu-upgrade-linux-image-intel-iotg
  • ubuntu-upgrade-linux-image-kvm
  • ubuntu-upgrade-linux-image-lowlatency
  • ubuntu-upgrade-linux-image-lowlatency-64k
  • ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
  • ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
  • ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
  • ubuntu-upgrade-linux-image-nvidia
  • ubuntu-upgrade-linux-image-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-oem
  • ubuntu-upgrade-linux-image-oem-20-04
  • ubuntu-upgrade-linux-image-oem-20-04b
  • ubuntu-upgrade-linux-image-oem-20-04c
  • ubuntu-upgrade-linux-image-oem-20-04d
  • ubuntu-upgrade-linux-image-oem-osp1
  • ubuntu-upgrade-linux-image-oracle
  • ubuntu-upgrade-linux-image-oracle-lts-20-04
  • ubuntu-upgrade-linux-image-oracle-lts-22-04
  • ubuntu-upgrade-linux-image-raspi
  • ubuntu-upgrade-linux-image-raspi-hwe-18-04
  • ubuntu-upgrade-linux-image-raspi-nolpae
  • ubuntu-upgrade-linux-image-raspi2
  • ubuntu-upgrade-linux-image-raspi2-hwe-18-04
  • ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
  • ubuntu-upgrade-linux-image-virtual
  • ubuntu-upgrade-linux-image-virtual-hwe-18-04
  • ubuntu-upgrade-linux-image-virtual-hwe-20-04
  • ubuntu-upgrade-linux-image-xilinx-zynqmp

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;