Message-ID: <2024122740-CVE-2024-56651-2d22@gregkh>
Date: Fri, 27 Dec 2024 16:02:52 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

can: hi311x: hi3110_can_ist(): fix potential use-after-free

The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr
during bus-off") removed the reporting of rxerr and txerr even in case
of correct operation (i. e. not bus-off).

The error count information added to the CAN frame after netif_rx() is
a potential use after free, since there is no guarantee that the skb
is in the same state. It might be freed or reused.

Fix the issue by postponing the netif_rx() call in case of txerr and
rxerr reporting.

The Linux kernel CVE team has assigned CVE-2024-56651 to this issue.

Affected and fixed versions
===========================

Issue introduced in 6.0 with commit a22bd630cfff496b270211745536e50e98eb3a45 and fixed in 6.1.120 with commit 4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
Issue introduced in 6.0 with commit a22bd630cfff496b270211745536e50e98eb3a45 and fixed in 6.6.66 with commit 1128022009444faf49359bd406cd665b177cb643
Issue introduced in 6.0 with commit a22bd630cfff496b270211745536e50e98eb3a45 and fixed in 6.12.5 with commit bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
Issue introduced in 6.0 with commit a22bd630cfff496b270211745536e50e98eb3a45 and fixed in 6.13-rc2 with commit 9ad86d377ef4a19c75a9c639964879a5b25a433b
Issue introduced in 4.14.291 with commit 303733fdab728d34708014b3096dc69ebae6e531
Issue introduced in 4.19.256 with commit 410054f1cf75378a6f009359e5952a240102a1a2
Issue introduced in 5.4.211 with commit d20bf7e76136fd4c1e47502a1f5773f2290013ed
Issue introduced in 5.10.137 with commit 22e382d47de09e865a9214cc5c9f99256e65deaa
Issue introduced in 5.15.61 with commit dcfcd5fc999b1eb7946de1fd031bc3aaf224c5ae
Issue introduced in 5.18.18 with commit 330b0ac34beec4fef8b002549af5bc6d0b6f0836
Issue introduced in 5.19.2 with commit f3d865a6b791abbc874739ed702ae64ad2607511

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-56651
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
drivers/net/can/spi/hi311x.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643
https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b
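
The ordering problem from the Description, as an added user-space model; it is not code from the advisory or from hi311x.c. Every name here (model_skb, model_netif_rx, MODEL_ERR_CNT, the frame layout) is an assumption made for illustration, and a one-slot static pool stands in for the skb allocator so the late write can be counted instead of corrupting memory.

```c
/* User-space model (constructed); a one-slot pool stands in for the skb allocator. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MODEL_ERR_CNT 0x200u /* assumed flag meaning "error counters present" */

struct model_frame { uint32_t can_id; uint8_t data[8]; };
struct model_skb { bool owned_by_driver; struct model_frame cf; };
static struct model_skb slot;        /* the only buffer in the pool */
static struct model_frame delivered; /* what the network stack received */
static int stale_writes;             /* driver writes after the hand-off */

static struct model_skb *model_alloc(void)
{
    memset(&slot, 0, sizeof(slot));
    slot.owned_by_driver = true;
    stale_writes = 0;
    return &slot;
}

/* Stand-in for netif_rx(): the stack takes the frame; the buffer may be reused. */
static void model_netif_rx(struct model_skb *skb)
{
    delivered = skb->cf;
    skb->owned_by_driver = false;
    memset(&skb->cf, 0xA5, sizeof(skb->cf)); /* simulate reuse by someone else */
}

static void add_err_counters(struct model_skb *skb, uint8_t txerr, uint8_t rxerr)
{
    if (!skb->owned_by_driver)
        stale_writes++; /* in the kernel this write is the use-after-free */
    skb->cf.can_id |= MODEL_ERR_CNT;
    skb->cf.data[6] = txerr; /* model layout: byte 6 = txerr, byte 7 = rxerr */
    skb->cf.data[7] = rxerr;
}

/* fixed_order false: hand off, then write (the flaw); true: write, then hand off. */
static struct model_frame report_state_change(bool fixed_order, uint8_t txerr, uint8_t rxerr)
{
    struct model_skb *skb = model_alloc();
    if (fixed_order)
        add_err_counters(skb, txerr, rxerr);
    model_netif_rx(skb);
    if (!fixed_order)
        add_err_counters(skb, txerr, rxerr);
    return delivered;
}

int main(void) { return report_state_change(true, 96, 12).data[7] == 12 ? 0 : 1; }
```

In the flawed order the stack receives a frame without the counters and the driver's write lands in a buffer it no longer owns; in the postponed order the frame is complete before the hand-off.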