{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38659", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-21T10:12:11.472Z", "datePublished": "2024-06-21T10:28:15.337Z", "dateUpdated": "2024-11-05T09:31:26.707Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:31:26.707Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nenic: Validate length of nl attributes in enic_set_vf_port\n\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/cisco/enic/enic_main.c"], "versions": [{"version": "f8bd909183ac", "lessThan": "2b649d7e0cb4", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "ca63fb7af9d3", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "3c0d36972edb", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "25571a12fbc8", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "7077c22f84f4", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "f6638e955ca0", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "aee1955a1509", "status": "affected", "versionType": "git"}, {"version": "f8bd909183ac", "lessThan": "e8021b94b041", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/cisco/enic/enic_main.c"], "versions": [{"version": "2.6.35", "status": "affected"}, {"version": "0", "lessThan": "2.6.35", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"}, {"url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"}, {"url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"}, {"url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"}, {"url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"}, {"url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"}, {"url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"}, {"url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"}], "title": "enic: Validate length of nl attributes in enic_set_vf_port", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T13:26:27.611937Z", "id": "CVE-2024-38659", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:26:37.555Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.044Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38659", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T13:26:27.611937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:26:32.928Z"}}], "cna": {"title": "enic: Validate length of nl attributes in enic_set_vf_port", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f8bd909183ac", "lessThan": "2b649d7e0cb4", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "ca63fb7af9d3", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "3c0d36972edb", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "25571a12fbc8", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "7077c22f84f4", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "f6638e955ca0", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "aee1955a1509", "versionType": "git"}, {"status": "affected", "version": "f8bd909183ac", "lessThan": "e8021b94b041", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/cisco/enic/enic_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.35"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.35", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.316", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/cisco/enic/enic_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"}, {"url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"}, {"url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"}, {"url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"}, {"url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"}, {"url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"}, {"url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"}, {"url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nenic: Validate length of nl attributes in enic_set_vf_port\n\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:49:34.623Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38659", "state": "PUBLISHED", "dateUpdated": "2024-07-15T06:49:34.623Z", "dateReserved": "2024-06-21T10:12:11.472Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:28:15.337Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nenic: Validate length of nl attributes in enic_set_vf_port\n\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: enic: Validar la longitud de los atributos nl en enic_set_vf_port enic_set_vf_port supone que el atributo nl IFLA_PORT_PROFILE tiene una longitud PORT_PROFILE_MAX y que los atributos nl IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID tienen una longitud PORT_UUID_MAX. Estos atributos se validan (en la funci\u00f3n do_setlink en rtnetlink.c) usando nla_policy ifla_port_policy. La pol\u00edtica define IFLA_PORT_PROFILE como NLA_STRING, IFLA_PORT_INSTANCE_UUID como NLA_BINARY e IFLA_PORT_HOST_UUID como NLA_STRING. Eso significa que la validaci\u00f3n de longitud que utiliza la pol\u00edtica es para el tama\u00f1o m\u00e1ximo de los atributos y no para el tama\u00f1o exacto, por lo que la longitud de estos atributos puede ser menor que los tama\u00f1os que espera enic_set_vf_port. Esto podr\u00eda causar un acceso de lectura fuera de banda en los memcpys de los datos de estos atributos en enic_set_vf_port."}], "id": "CVE-2024-38659", "lastModified": "2024-07-15T07:15:14.163", "metrics": {}, "published": "2024-06-21T11:15:12.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: enic: Validate length of nl attributes in enic_set_vf_port", "id": "2293655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293655"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nenic: Validate length of nl attributes in enic_set_vf_port\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."], "name": "CVE-2024-38659", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38659\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38659\nhttps://lore.kernel.org/linux-cve-announce/2024062118-CVE-2024-38659-d373@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc2"}