In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
History

Wed, 26 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4

Mon, 17 Mar 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Linux
Linux linux Kernel
Netapp
Netapp 8200
Netapp 8200 Firmware
Netapp 8300
Netapp 8300 Firmware
Netapp 8700
Netapp 8700 Firmware
Netapp 9000
Netapp 9000 Firmware
Netapp 9500
Netapp 9500 Firmware
Netapp a150
Netapp a150 Firmware
Netapp a1k
Netapp a1k Firmware
Netapp a220
Netapp a220 Firmware
Netapp a300
Netapp a300 Firmware
Netapp a320
Netapp a320 Firmware
Netapp a400
Netapp a400 Firmware
Netapp a70
Netapp a700
Netapp a700 Firmware
Netapp a700s
Netapp a700s Firmware
Netapp a70 Firmware
Netapp a800
Netapp a800 Firmware
Netapp a90
Netapp a900
Netapp a900 Firmware
Netapp a90 Firmware
Netapp c190
Netapp c190 Firmware
Netapp c400
Netapp c400 Firmware
Netapp c800
Netapp c800 Firmware
Netapp e-series Santricity Os Controller
Netapp fas2720
Netapp fas2720 Firmware
Netapp fas2750
Netapp fas2750 Firmware
Netapp fas2820
Netapp fas2820 Firmware
Netapp h610c
Netapp h610c Firmware
Netapp h610s
Netapp h610s Firmware
Netapp h615c
Netapp h615c Firmware
Weaknesses CWE-787
CPEs cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8200:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9000:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a300:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a320:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c400:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.211:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:netapp:8200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Linux
Linux linux Kernel
Netapp
Netapp 8200
Netapp 8200 Firmware
Netapp 8300
Netapp 8300 Firmware
Netapp 8700
Netapp 8700 Firmware
Netapp 9000
Netapp 9000 Firmware
Netapp 9500
Netapp 9500 Firmware
Netapp a150
Netapp a150 Firmware
Netapp a1k
Netapp a1k Firmware
Netapp a220
Netapp a220 Firmware
Netapp a300
Netapp a300 Firmware
Netapp a320
Netapp a320 Firmware
Netapp a400
Netapp a400 Firmware
Netapp a70
Netapp a700
Netapp a700 Firmware
Netapp a700s
Netapp a700s Firmware
Netapp a70 Firmware
Netapp a800
Netapp a800 Firmware
Netapp a90
Netapp a900
Netapp a900 Firmware
Netapp a90 Firmware
Netapp c190
Netapp c190 Firmware
Netapp c400
Netapp c400 Firmware
Netapp c800
Netapp c800 Firmware
Netapp e-series Santricity Os Controller
Netapp fas2720
Netapp fas2720 Firmware
Netapp fas2750
Netapp fas2750 Firmware
Netapp fas2820
Netapp fas2820 Firmware
Netapp h610c
Netapp h610c Firmware
Netapp h610s
Netapp h610s Firmware
Netapp h615c
Netapp h615c Firmware

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:45:00 +0000

Type Values Removed Values Added
References

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/o:redhat:rhel_eus:8.8
Vendors & Products Redhat rhel Eus

Thu, 08 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2024-12-19T08:46:05.705Z

Reserved: 2024-02-19T14:20:24.165Z

Link: CVE-2024-26733

cve-icon Vulnrichment

Updated: 2024-11-01T17:03:11.240Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-03T17:15:51.040

Modified: 2025-03-17T16:02:47.887

Link: CVE-2024-26733

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-03T00:00:00Z

Links: CVE-2024-26733 - Bugzilla