cve-2024-38586
Vulnerability from cvelistv5
Published
2024-06-19 13:37
Modified
2024-12-19 09:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417
Impacted products
Vendor Product Version
Linux Linux Version: 5.7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:50.332760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:55.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "61c1c98e2607120ce9c3fa1bf75e6da909712b27",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "b6d21cf40de103d63ae78551098a7c06af8c98dd",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "0c48185a95309556725f818b82120bb74e9c627d",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "68222d7b4b72aa321135cd453dac37f00ec41fd1",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "078d5b7500d70af2de6b38e226b03f0b932026a6",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "54e7a0d111240c92c0f02ceba6eb8f26bf6d6479",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "c71e3a5cffd5309d7f84444df03d5b72600cc417",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:05:06.381Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
        },
        {
          "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
        },
        {
          "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
        }
      ],
      "title": "r8169: Fix possible ring buffer corruption on fragmented Tx packets.",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38586",
    "datePublished": "2024-06-19T13:37:41.879Z",
    "dateReserved": "2024-06-18T19:36:34.929Z",
    "dateUpdated": "2024-12-19T09:05:06.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-38586\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-19T14:15:18.700\",\"lastModified\":\"2024-11-21T09:26:24.963\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\\n\\nAn issue was found on the RTL8125b when transmitting small fragmented\\npackets, whereby invalid entries were inserted into the transmit ring\\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\\naddress.\\n\\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\\nwhich may occur when small packets are padded (to work around hardware\\nquirks) in rtl8169_tso_csum_v2().\\n\\nTo fix this, postpone inspecting nr_frags until after any padding has been\\napplied.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: r8169: corrige una posible corrupci\u00f3n del b\u00fafer en anillo en paquetes Tx fragmentados. Se encontr\u00f3 un problema en el RTL8125b al transmitir peque\u00f1os paquetes fragmentados, por el cual se insertaban entradas no v\u00e1lidas en el b\u00fafer del anillo de transmisi\u00f3n, lo que posteriormente generaba llamadas a dma_unmap_single() con una direcci\u00f3n nula. Esto se debi\u00f3 a que rtl8169_start_xmit() no not\u00f3 los cambios en nr_frags que pueden ocurrir cuando se rellenan paquetes peque\u00f1os (para evitar peculiaridades del hardware) en rtl8169_tso_csum_v2(). Para solucionar este problema, posponga la inspecci\u00f3n de nr_frags hasta que se haya aplicado el relleno.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.