Home

CVE-2024-26815

Description

In the Linux kernel, the following vulnerability has been resolved:net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX checktaprio_parse_tc_entry() is not correctly checkingTCA_TAPRIO_TC_ENTRY_INDEX attribute:int tc; // Signed valuetc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);if (tc >= TC_QOPT_MAX_QUEUE) {NL_SET_ERR_MSG_MOD(extack, TC entry index out of range);return -ERANGE;}syzbot reported that it could fed arbitary negative values:UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18shift exponent -2147418108 is negativeCPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77RIP: 0033:0x7f1b2dea3759Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002eRAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340R13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.022

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-6816-1) linux-image-6.8.0-1006-ibm_6.8.0-1006.6_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-6.8.0-35-generic_6.8.0-35.35+1_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-6.8.0-35-lowlatency_6.8.0-35.35.1_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-generic_6.8.0-35.35_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-generic-hwe-24.04_6.8.0-35.35_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-ibm_6.8.0-1006.6_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-ibm-classic_6.8.0-1006.6_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-ibm-lts-24.04_6.8.0-1006.6_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-kvm_6.8.0-35.35_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-lowlatency_6.8.0-35.35.1_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-virtual_6.8.0-35.35_amd64.debLinux
Linux kernel (USN-6816-1) linux-image-virtual-hwe-24.04_6.8.0-35.35_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6817-1) linux-image-6.8.0-1008-gcp_6.8.0-1008.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6817-1) linux-image-6.8.0-1009-aws_6.8.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6817-1) linux-image-aws_6.8.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6817-1) linux-image-gcp_6.8.0-1008.9_amd64.debLinux
Linux kernel for OEM systems (USN-6817-2) linux-image-6.8.0-1006-oem_6.8.0-1006.6_amd64.debLinux
Linux kernel for OEM systems (USN-6817-2) linux-image-oem-24.04_6.8.0-1006.6+1_amd64.debLinux
Linux kernel for OEM systems (USN-6817-2) linux-image-oem-24.04a_6.8.0-1006.6+1_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-6.8.0-1004-gke_6.8.0-1004.7_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-6.8.0-1008-azure_6.8.0-1008.8_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-6.8.0-1008-azure-fde_6.8.0-1008.8_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-azure_6.8.0-1008.8_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-azure-fde_6.8.0-1008.8_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-6817-3) linux-image-gke_6.8.0-1004.7_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-6878-1) linux-image-6.8.0-1006-oracle_6.8.0-1006.6_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-6878-1) linux-image-oracle_6.8.0-1006.6_amd64.debLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-syms-azure-6.4.0-150600.8.5.1.x86_64.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-source-azure-6.4.0-150600.8.5.4.noarch.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-devel-azure-6.4.0-150600.8.5.4.noarch.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-azure-devel-debuginfo-6.4.0-150600.8.5.4.x86_64.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-azure-devel-6.4.0-150600.8.5.4.x86_64.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-azure-debugsource-6.4.0-150600.8.5.4.x86_64.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-azure-debuginfo-6.4.0-150600.8.5.4.x86_64.rpmLinux
SUSE-SU-2024:2135-1(Public Cloud Module 15-SP6 ) kernel-azure-6.4.0-150600.8.5.4.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Legacy Module 15-SP6 ) reiserfs-kmp-default-debuginfo-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Legacy Module 15-SP6 ) reiserfs-kmp-default-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Development Tools Module 15-SP6 ) kernel-syms-6.4.0-150600.23.7.1.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Development Tools Module 15-SP6 ) kernel-source-6.4.0-150600.23.7.2.noarch.rpmLinux
SUSE-SU-2024:2203-1(Development Tools Module 15-SP6 ) kernel-obs-build-debugsource-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Development Tools Module 15-SP6 ) kernel-obs-build-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-macros-6.4.0-150600.23.7.2.noarch.rpmLinux
SUSE-SU-2024:2203-1(Development Tools Module 15-SP6 ) kernel-docs-6.4.0-150600.23.7.4.noarch.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-devel-6.4.0-150600.23.7.2.noarch.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-devel-debuginfo-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-devel-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-debugsource-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-debuginfo-6.4.0-150600.23.7.3.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-base-6.4.0-150600.23.7.3.150600.12.2.7.x86_64.rpmLinux
SUSE-SU-2024:2203-1(Basesystem Module 15-SP6 ) kernel-default-6.4.0-150600.23.7.3.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update rv-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update rtla-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update python3-perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-uki-virt-addons-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-tools-libs-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-tools-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-headers-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-doc-5.14.0-503.11.1.el9_5.noarch.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-abi-stablelists-5.14.0-503.11.1.el9_5.noarch.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update bpftool-7.4.0-503.11.1.el9_5.x86_64.rpmLinux
kernel Security Update (ALAS2023-2024-696) kernel-livepatch-6.1.84-99.169-1.0-0.amzn2023.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234