| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024053041-CVE-2024-36929-0329@gregkh> Date: Thu, 30 May 2024 17:29:21 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs Description =========== In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment. The Linux kernel CVE team has assigned CVE-2024-36929 to this issue. Affected and fixed versions =========================== Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 5.10.217 with commit faa83a7797f0 Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 5.15.159 with commit c7af99cc2192 Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 6.1.91 with commit 989bf6fd1e1d Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 6.6.31 with commit cfe34d86ef97 Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 6.8.10 with commit aea5e2669c28 Issue introduced in 5.6 with commit 3a1296a38d0c and fixed in 6.9 with commit d091e579b864 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36929 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/core/skbuff.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1 https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533 https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62 https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6 https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681
Powered by blists - more mailing lists