| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 12:28:37 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26862: packet: annotate data-races around ignore_outgoing Description =========== In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0: packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003 do_sock_setsockopt net/socket.c:2311 [inline] __sys_setsockopt+0x1d8/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff888107804542 of 1 bytes by task 27 on cpu 1: dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248 xmit_one net/core/dev.c:3527 [inline] dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108 batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335 worker_thread+0x526/0x730 kernel/workqueue.c:3416 kthread+0x1d1/0x210 kernel/kthread.c:388 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 value changed: 0x00 -> 0x01 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet The Linux kernel CVE team has assigned CVE-2024-26862 to this issue. Affected and fixed versions =========================== Issue introduced in 4.20 with commit fa788d986a3a and fixed in 5.4.273 with commit 84c510411e32 Issue introduced in 4.20 with commit fa788d986a3a and fixed in 5.10.214 with commit 68e84120319d Issue introduced in 4.20 with commit fa788d986a3a and fixed in 5.15.153 with commit d35b62c224e7 Issue introduced in 4.20 with commit fa788d986a3a and fixed in 6.1.83 with commit ef7eed7e11d2 Issue introduced in 4.20 with commit fa788d986a3a and fixed in 6.6.23 with commit 2c02c5059c78 Issue introduced in 4.20 with commit fa788d986a3a and fixed in 6.7.11 with commit ee413f30ec4f Issue introduced in 4.20 with commit fa788d986a3a and fixed in 6.8.2 with commit 8b1e273c6afc Issue introduced in 4.20 with commit fa788d986a3a and fixed in 6.9-rc1 with commit 6ebfad33161a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26862 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/core/dev.c net/packet/af_packet.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0 https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560 https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5 https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37 https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234 https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97 https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97
Powered by blists - more mailing lists