CVE-2024-26733 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Netapp	8200 8200 Firmware 8300 8300 Firmware 8700 8700 Firmware 9000 9000 Firmware 9500 9500 Firmware A150 A150 Firmware A1k A1k Firmware A220 A220 Firmware A300 A300 Firmware A320 A320 Firmware A400 A400 Firmware A70 A700 A700 Firmware A700s A700s Firmware A70 Firmware A800 A800 Firmware A90 A900 A900 Firmware A90 Firmware C190 C190 Firmware C400 C400 Firmware C800 C800 Firmware E-series Santricity Os Controller Fas2720 Fas2720 Firmware Fas2750 Fas2750 Firmware Fas2820 Fas2820 Firmware H610c H610c Firmware H610s H610s Firmware H615c H615c Firmware
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.10.211:::::::*
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700s:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8300:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8700:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a400:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c400:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a320:*:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netapp:a300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a300:*:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netapp:8200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8200:*:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netapp:a700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700:*:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:netapp:9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:9000:*:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*

Configuration 29 [-]

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.67.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:5255	2024-08-13T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024040358-CVE-2024-26733-617f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26733
https://security.netapp.com/advisory/ntap-20241101-0013/
https://www.cve.org/CVERecord?id=CVE-2024-26733

History

Mon, 17 Mar 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp 8200 Netapp 8200 Firmware Netapp 8300 Netapp 8300 Firmware Netapp 8700 Netapp 8700 Firmware Netapp 9000 Netapp 9000 Firmware Netapp 9500 Netapp 9500 Firmware Netapp a150 Netapp a150 Firmware Netapp a1k Netapp a1k Firmware Netapp a220 Netapp a220 Firmware Netapp a300 Netapp a300 Firmware Netapp a320 Netapp a320 Firmware Netapp a400 Netapp a400 Firmware Netapp a70 Netapp a700 Netapp a700 Firmware Netapp a700s Netapp a700s Firmware Netapp a70 Firmware Netapp a800 Netapp a800 Firmware Netapp a90 Netapp a900 Netapp a900 Firmware Netapp a90 Firmware Netapp c190 Netapp c190 Firmware Netapp c400 Netapp c400 Firmware Netapp c800 Netapp c800 Firmware Netapp e-series Santricity Os Controller Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware
Weaknesses		CWE-787
CPEs		cpe:2.3:a:netapp:e-series_santricity_os_controller:::::::: cpe:2.3:h:netapp:8200:::::::: cpe:2.3:h:netapp:8300:::::::: cpe:2.3:h:netapp:8700:::::::: cpe:2.3:h:netapp:9000:::::::: cpe:2.3:h:netapp:9500:::::::: cpe:2.3:h:netapp:a150:::::::: cpe:2.3:h:netapp:a1k:::::::: cpe:2.3:h:netapp:a220:::::::: cpe:2.3:h:netapp:a300:::::::: cpe:2.3:h:netapp:a320:::::::: cpe:2.3:h:netapp:a400:::::::: cpe:2.3:h:netapp:a700:::::::: cpe:2.3:h:netapp:a700s:::::::: cpe:2.3:h:netapp:a70:::::::: cpe:2.3:h:netapp:a800:::::::: cpe:2.3:h:netapp:a900:::::::: cpe:2.3:h:netapp:a90:::::::: cpe:2.3:h:netapp:c190:::::::: cpe:2.3:h:netapp:c400:::::::: cpe:2.3:h:netapp:c800:::::::: cpe:2.3:h:netapp:fas2720:::::::: cpe:2.3:h:netapp:fas2750:::::::: cpe:2.3:h:netapp:fas2820:::::::: cpe:2.3:h:netapp:h610c:::::::: cpe:2.3:h:netapp:h610s:::::::: cpe:2.3:h:netapp:h615c:::::::: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.10.211:::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: cpe:2.3:o:netapp:8200_firmware:-:::::::* cpe:2.3:o:netapp:8300_firmware:-:::::::* cpe:2.3:o:netapp:8700_firmware:-:::::::* cpe:2.3:o:netapp:9000_firmware:-:::::::* cpe:2.3:o:netapp:9500_firmware:-:::::::* cpe:2.3:o:netapp:a150_firmware:-:::::::* cpe:2.3:o:netapp:a1k_firmware:-:::::::* cpe:2.3:o:netapp:a220_firmware:-:::::::* cpe:2.3:o:netapp:a300_firmware:-:::::::* cpe:2.3:o:netapp:a320_firmware:-:::::::* cpe:2.3:o:netapp:a400_firmware:-:::::::* cpe:2.3:o:netapp:a700_firmware:-:::::::* cpe:2.3:o:netapp:a700s_firmware:-:::::::* cpe:2.3:o:netapp:a70_firmware:-:::::::* cpe:2.3:o:netapp:a800_firmware:-:::::::* cpe:2.3:o:netapp:a900_firmware:-:::::::* cpe:2.3:o:netapp:a90_firmware:-:::::::* cpe:2.3:o:netapp:c190_firmware:-:::::::* cpe:2.3:o:netapp:c400_firmware:-:::::::* cpe:2.3:o:netapp:c800_firmware:-:::::::* cpe:2.3:o:netapp:fas2720_firmware:-:::::::* cpe:2.3:o:netapp:fas2750_firmware:-:::::::* cpe:2.3:o:netapp:fas2820_firmware:-:::::::* cpe:2.3:o:netapp:h610c_firmware:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::*
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp 8200 Netapp 8200 Firmware Netapp 8300 Netapp 8300 Firmware Netapp 8700 Netapp 8700 Firmware Netapp 9000 Netapp 9000 Firmware Netapp 9500 Netapp 9500 Firmware Netapp a150 Netapp a150 Firmware Netapp a1k Netapp a1k Firmware Netapp a220 Netapp a220 Firmware Netapp a300 Netapp a300 Firmware Netapp a320 Netapp a320 Firmware Netapp a400 Netapp a400 Firmware Netapp a70 Netapp a700 Netapp a700 Firmware Netapp a700s Netapp a700s Firmware Netapp a70 Firmware Netapp a800 Netapp a800 Firmware Netapp a90 Netapp a900 Netapp a900 Firmware Netapp a90 Firmware Netapp c190 Netapp c190 Firmware Netapp c400 Netapp c400 Firmware Netapp c800 Netapp c800 Firmware Netapp e-series Santricity Os Controller Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://security.netapp.com/advisory/ntap-20241101-0013/

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/o:redhat:rhel_eus:8.8
Vendors & Products		Redhat rhel Eus

Thu, 08 Aug 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-03T17:00:20.437Z

Updated: 2024-12-19T08:46:05.705Z

Reserved: 2024-02-19T14:20:24.165Z

Link: CVE-2024-26733

Vulnrichment

Updated: 2024-11-01T17:03:11.240Z

NVD

Status : Analyzed

Published: 2024-04-03T17:15:51.040

Modified: 2025-03-17T16:02:47.887

Link: CVE-2024-26733

Redhat

Severity : Moderate

Publid Date: 2024-04-03T00:00:00Z

Links: CVE-2024-26733 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object