cve-2024-41066
Vulnerability from cvelistv5
Published
2024-07-29 14:57
Modified
2024-09-11 17:32
Severity ?
Summary
ibmvnic: Add tx check to prevent skb leak
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2aPatch
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41066",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:21:52.759335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:57.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ibm/ibmvnic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "16ad1557cae5",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "267c61c4afed",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "e7b75def33ea",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "0983d288caf9",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ibm/ibmvnic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n    tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n    free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n    consumer_index ++;\nWhere variable data looks like this:\n    free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n                                               \tconsumer_index^\n    tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T14:57:27.832Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561"
        }
      ],
      "title": "ibmvnic: Add tx check to prevent skb leak",
      "x_generator": {
        "engine": "bippy-c9c4e1df01b2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41066",
    "datePublished": "2024-07-29T14:57:27.832Z",
    "dateReserved": "2024-07-12T12:17:45.630Z",
    "dateUpdated": "2024-09-11T17:32:57.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41066\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-29T15:15:14.480\",\"lastModified\":\"2024-09-10T17:06:26.617\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nibmvnic: Add tx check to prevent skb leak\\n\\nBelow is a summary of how the driver stores a reference to an skb during\\ntransmit:\\n    tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\\n    free_map[consumer_index] = IBMVNIC_INVALID_MAP;\\n    consumer_index ++;\\nWhere variable data looks like this:\\n    free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\\n                                               \\tconsumer_index^\\n    tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\\n\\nThe driver has checks to ensure that free_map[consumer_index] pointed to\\na valid index but there was no check to ensure that this index pointed\\nto an unused/null skb address. So, if, by some chance, our free_map and\\ntx_buff lists become out of sync then we were previously risking an\\nskb memory leak. This could then cause tcp congestion control to stop\\nsending packets, eventually leading to ETIMEDOUT.\\n\\nTherefore, add a conditional to ensure that the skb address is null. If\\nnot then warn the user (because this is still a bug that should be\\npatched) and free the old pointer to prevent memleak/tcp problems.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ibmvnic: agregue verificaci\u00f3n de tx para evitar fugas de skb A continuaci\u00f3n se muestra un resumen de c\u00f3mo el controlador almacena una referencia a un skb durante la transmisi\u00f3n: tx_buff[free_map[consumer_index]]-\u0026gt;skb = new_skb ; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index++; Donde los datos variables se ven as\u00ed: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=, skb=, skb=null, skb=null ] El controlador tiene comprobaciones para garantizar que free_map[consumer_index] apunte a un \u00edndice v\u00e1lido, pero no hubo ninguna verificaci\u00f3n para garantizar que este \u00edndice apunte a una direcci\u00f3n skb nula o no utilizada. Entonces, si, por casualidad, nuestras listas free_map y tx_buff no est\u00e1n sincronizadas, entonces est\u00e1bamos arriesg\u00e1ndonos a una p\u00e9rdida de memoria skb. Esto podr\u00eda provocar que el control de congesti\u00f3n de TCP deje de enviar paquetes, lo que eventualmente provocar\u00eda ETIMEDOUT. Por lo tanto, agregue un condicional para garantizar que la direcci\u00f3n skb sea nula. De lo contrario, advierta al usuario (porque todav\u00eda es un error que debe corregirse) y libere el puntero antiguo para evitar problemas de memleak/tcp.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.101\",\"matchCriteriaId\":\"BC2B5B53-6D0E-4FA7-B414-71D3FF089CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.42\",\"matchCriteriaId\":\"972274A2-D688-4C37-BE42-689B58B4C225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.11\",\"matchCriteriaId\":\"01E300B3-8B39-4A2D-8B03-4631433D3915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C2F14-12C7-45D5-893D-8C52EE38EA10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3173713D-909A-4DD3-9DD4-1E171EB057EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD973AA4-A789-49BD-8D57-B2846935D3C7\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.