lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2024091336-CVE-2024-46679-3527@gregkh>
Date: Fri, 13 Sep 2024 07:30:40 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-46679: ethtool: check device is present when getting link settings

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings

A sysfs reader can race with a device reset or removal, attempting to
read device state when the device is not actually present. eg:

     [exception RIP: qed_get_current_link+17]
  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]
  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3
 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4
 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300
 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c
 #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b
 #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3
 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1
 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f
 #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb

 crash> struct net_device.state ffff9a9d21336000
    state = 5,

state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).
The device is not present, note lack of __LINK_STATE_PRESENT (0b10).

This is the same sort of panic as observed in commit 4224cfd7fb65
("net-sysfs: add check for netdevice being present to speed_show").

There are many other callers of __ethtool_get_link_ksettings() which
don't have a device presence check.

Move this check into ethtool to protect all callers.

The Linux kernel CVE team has assigned CVE-2024-46679 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 5.4.283 with commit ec7b4f7f6440
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 5.10.225 with commit 842a40c7273b
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 5.15.166 with commit 7a8d98b6d648
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 6.1.108 with commit 9bba5955eed1
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 6.6.49 with commit 94ab317024ba
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 6.10.8 with commit 1d6d9b5b1b95
	Issue introduced in 2.6.33 with commit d519e17e2d01 and fixed in 6.11-rc6 with commit a699781c79ec

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-46679
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/core/net-sysfs.c
	net/ethtool/ioctl.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62
	https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e
	https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc
	https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4
	https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb
	https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2
	https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ