In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
syzbot found __ip6_tnl_rcv() could access unitiliazed data [1].
Call pskb_inet_may_pull() to fix this, and initialize ipv6h
variable after this call as it can change skb->head.
[1]
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727
__ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845
ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888
gre_rcv+0x143f/0x1870
ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:314 [inline]
ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646
netif_receive_skb_internal net/core/dev.c:5732 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5791
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
tun_alloc_skb drivers/net/tun.c:1531 [inline]
tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2084 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x786/0x1200 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Debian |
|
| Linux |
|
| Netapp |
|
| Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | |||
| kernel-0:5.14.0-503.11.1.el9_5 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2024:9315 | 2024-11-12T00:00:00Z |
| kernel-0:5.14.0-503.11.1.el9_5 | cpe:/o:redhat:enterprise_linux:9 | RHSA-2024:9315 | 2024-11-12T00:00:00Z |
References
History
Fri, 28 Mar 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Netapp fas9500
Netapp fas9500 Firmware |
|
| CPEs | cpe:2.3:o:netapp:a9500_firmware:-:*:*:*:*:*:*:* |
cpe:2.3:h:netapp:fas9500:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas9500_firmware:-:*:*:*:*:*:*:* |
| Vendors & Products |
Netapp a9500
Netapp a9500 Firmware |
Netapp fas9500
Netapp fas9500 Firmware |
Mon, 10 Mar 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Debian
Debian debian Linux Linux Linux linux Kernel Netapp Netapp a150 Netapp a150 Firmware Netapp a220 Netapp a220 Firmware Netapp a800 Netapp a800 Firmware Netapp a900 Netapp a900 Firmware Netapp a9500 Netapp a9500 Firmware Netapp active Iq Unified Manager Netapp c190 Netapp c190 Firmware Netapp c800 Netapp c800 Firmware Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp ontap Select Deploy Administration Utility |
|
| Weaknesses | CWE-908 | |
| CPEs | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:a9500:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a9500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Debian
Debian debian Linux Linux Linux linux Kernel Netapp Netapp a150 Netapp a150 Firmware Netapp a220 Netapp a220 Firmware Netapp a800 Netapp a800 Firmware Netapp a900 Netapp a900 Firmware Netapp a9500 Netapp a9500 Firmware Netapp active Iq Unified Manager Netapp c190 Netapp c190 Firmware Netapp c800 Netapp c800 Firmware Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp ontap Select Deploy Administration Utility |
Fri, 22 Nov 2024 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 13 Nov 2024 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux |
Tue, 05 Nov 2024 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2024-12-19T08:44:03.484Z
Reserved: 2024-02-19T14:20:24.137Z
Link: CVE-2024-26641
Vulnrichment
Updated: 2024-11-08T15:02:48.742Z
NVD
Status : Analyzed
Published: 2024-03-18T11:15:11.193
Modified: 2025-03-28T16:17:08.557
Link: CVE-2024-26641
Redhat