cve-2024-33621
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2024-11-05 09:22
Severity ?
Summary
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
Impacted products
Vendor Product Version
Linux Linux Version: 3.19
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:36:04.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:47.521739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:46.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ipvlan/ipvlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0049a623dfbb",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "54768bacfde6",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "1abbf079da59",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "183c4b416454",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "cb53706a3403",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "54213c09801e",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "13c4543db34e",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            },
            {
              "lessThan": "b3dc6e8003b5",
              "status": "affected",
              "version": "2ad7bf363841",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ipvlan/ipvlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound\n\nRaw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will\nhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.\n\nWARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70\nModules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper\nCPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:sk_mc_loop+0x2d/0x70\nCode: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c\nRSP: 0018:ffffa9584015cd78 EFLAGS: 00010212\nRAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001\nRDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000\nRBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00\nR10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000\nR13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000\nFS:  0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cIRQ\u003e\n ? __warn (kernel/panic.c:693)\n ? sk_mc_loop (net/core/sock.c:760)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:239)\n ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? sk_mc_loop (net/core/sock.c:760)\n ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))\n ? nf_hook_slow (net/netfilter/core.c:626)\n ip6_finish_output (net/ipv6/ip6_output.c:222)\n ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)\n ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan\n ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan\n dev_hard_start_xmit (net/core/dev.c:3594)\n sch_direct_xmit (net/sched/sch_generic.c:343)\n __qdisc_run (net/sched/sch_generic.c:416)\n net_tx_action (net/core/dev.c:5286)\n handle_softirqs (kernel/softirq.c:555)\n __irq_exit_rcu (kernel/softirq.c:589)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)\n\nThe warning triggers as this:\npacket_sendmsg\n   packet_snd //skb-\u003esk is packet sk\n      __dev_queue_xmit\n         __dev_xmit_skb //q-\u003eenqueue is not NULL\n             __qdisc_run\n               sch_direct_xmit\n                 dev_hard_start_xmit\n                   ipvlan_start_xmit\n                      ipvlan_xmit_mode_l3 //l3 mode\n                        ipvlan_process_outbound //vepa flag\n                          ipvlan_process_v6_outbound\n                            ip6_local_out\n                                __ip6_finish_output\n                                  ip6_finish_output2 //multicast packet\n                                    sk_mc_loop //sk-\u003esk_family is AF_PACKET\n\nCall ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:22:11.083Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
        },
        {
          "url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
        },
        {
          "url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
        },
        {
          "url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
        }
      ],
      "title": "ipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-33621",
    "datePublished": "2024-06-21T10:18:05.673Z",
    "dateReserved": "2024-06-21T10:13:16.298Z",
    "dateUpdated": "2024-11-05T09:22:11.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-33621\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-21T11:15:09.860\",\"lastModified\":\"2024-07-15T07:15:04.067\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound\\n\\nRaw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will\\nhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.\\n\\nWARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70\\nModules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper\\nCPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\nRIP: 0010:sk_mc_loop+0x2d/0x70\\nCode: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c\\nRSP: 0018:ffffa9584015cd78 EFLAGS: 00010212\\nRAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001\\nRDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000\\nRBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00\\nR10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000\\nR13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000\\nFS:  0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n\u003cIRQ\u003e\\n ? __warn (kernel/panic.c:693)\\n ? sk_mc_loop (net/core/sock.c:760)\\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\\n ? handle_bug (arch/x86/kernel/traps.c:239)\\n ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\\n ? sk_mc_loop (net/core/sock.c:760)\\n ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))\\n ? nf_hook_slow (net/netfilter/core.c:626)\\n ip6_finish_output (net/ipv6/ip6_output.c:222)\\n ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)\\n ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan\\n ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan\\n dev_hard_start_xmit (net/core/dev.c:3594)\\n sch_direct_xmit (net/sched/sch_generic.c:343)\\n __qdisc_run (net/sched/sch_generic.c:416)\\n net_tx_action (net/core/dev.c:5286)\\n handle_softirqs (kernel/softirq.c:555)\\n __irq_exit_rcu (kernel/softirq.c:589)\\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)\\n\\nThe warning triggers as this:\\npacket_sendmsg\\n   packet_snd //skb-\u003esk is packet sk\\n      __dev_queue_xmit\\n         __dev_xmit_skb //q-\u003eenqueue is not NULL\\n             __qdisc_run\\n               sch_direct_xmit\\n                 dev_hard_start_xmit\\n                   ipvlan_start_xmit\\n                      ipvlan_xmit_mode_l3 //l3 mode\\n                        ipvlan_process_outbound //vepa flag\\n                          ipvlan_process_v6_outbound\\n                            ip6_local_out\\n                                __ip6_finish_output\\n                                  ip6_finish_output2 //multicast packet\\n                                    sk_mc_loop //sk-\u003esk_family is AF_PACKET\\n\\nCall ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipvlan: no use skb-\u0026gt;sk en ipvlan_process_v{4,6}_outbound El paquete sin procesar del socket PF_PACKET en la parte superior de un dispositivo ipvlan respaldado por IPv6 alcanzar\u00e1 WARN_ON_ONCE() en sk_mc_loop() a trav\u00e9s de la ruta sch_direct_xmit(). ADVERTENCIA: CPU: 2 PID: 0 en net/core/sock.c:775 sk_mc_loop+0x2d/0x70 M\u00f3dulos vinculados en: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper CPU: 2 PID: 0 Comm: swapper/2 Kdump: cargado No contaminado 6.9.0+ #279 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 RIP: 0010:sk_mc_loop+0x2d/0x70 C\u00f3digo: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c RSP: 0018:ffffa9584015cd78 EFLAGS: 00010212 RAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001 RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000 RBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00 R10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000 R13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: e589c0f000 FS: 0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 00000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas:  ? __advertir (kernel/panic.c:693)? sk_mc_loop (net/core/sock.c:760)? report_bug (lib/bug.c:201 lib/bug.c:219)? handle_bug (arch/x86/kernel/traps.c:239)? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminador 1))? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)? sk_mc_loop (net/core/sock.c:760) ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminador 1))? nf_hook_slow (net/netfilter/core.c:626) ip6_finish_output (net/ipv6/ip6_output.c:222)? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215) ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan dev_hard_start_xmit (net/core/dev . c:3594) sch_direct_xmit (net/sched/sch_generic.c:343) __qdisc_run (net/sched/sch_generic.c:416) net_tx_action (net/core/dev.c:5286) handle_softirqs (kernel/softirq.c:555) __irq_exit_rcu (kernel/softirq.c:589) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043) La advertencia se activa de la siguiente manera: paquete_sendmsg paquete_snd //skb-\u0026gt;sk es el paquete sk __dev_queue_xmit __dev_xmit_skb //q-\u0026gt; la cola no es NULL __qdisc_run sch_direct_xmit dev_hard_start_xmit ipvlan_start_xmit ipvlan_xmit_mode_l3 //modo l3 ipvlan_process_outbound //vepa flag ipvlan_process_v6_outbound ip6_local_out __ip6_finish_output ip6_finish_output2 //paquete de multidifusi\u00f3n sk_mc_loop //sk-\u0026gt; sk_family es AF_PACKET Llame a ip{6}_local_out() con NULL sk en ipvlan como otro t\u00faneles para solucionar este problema.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.