{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40983", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.604Z", "datePublished": "2024-07-12T12:33:57.263Z", "dateUpdated": "2024-11-05T09:34:28.348Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:28.348Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tipc/node.c"], "versions": [{"version": "fc1b6d6de220", "lessThan": "3eb1b3962789", "status": "affected", "versionType": "git"}, {"version": "fc1b6d6de220", "lessThan": "692803b39a36", "status": "affected", "versionType": "git"}, {"version": "fc1b6d6de220", "lessThan": "623c90d86a61", "status": "affected", "versionType": "git"}, {"version": "fc1b6d6de220", "lessThan": "b57a4a2dc874", "status": "affected", "versionType": "git"}, {"version": "fc1b6d6de220", "lessThan": "6808b4137167", "status": "affected", "versionType": "git"}, {"version": "fc1b6d6de220", "lessThan": "2ebe8f840c74", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tipc/node.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"}, {"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"}, {"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"}, {"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"}, {"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"}, {"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}], "title": "tipc: force a dst refcount before doing decryption", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.020Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:13.493957Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:21.167Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.020Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:13.493957Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.157Z"}}], "cna": {"title": "tipc: force a dst refcount before doing decryption", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "fc1b6d6de220", "lessThan": "3eb1b3962789", "versionType": "git"}, {"status": "affected", "version": "fc1b6d6de220", "lessThan": "692803b39a36", "versionType": "git"}, {"status": "affected", "version": "fc1b6d6de220", "lessThan": "623c90d86a61", "versionType": "git"}, {"status": "affected", "version": "fc1b6d6de220", "lessThan": "b57a4a2dc874", "versionType": "git"}, {"status": "affected", "version": "fc1b6d6de220", "lessThan": "6808b4137167", "versionType": "git"}, {"status": "affected", "version": "fc1b6d6de220", "lessThan": "2ebe8f840c74", "versionType": "git"}], "programFiles": ["net/tipc/node.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.221", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.96", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/tipc/node.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"}, {"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"}, {"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"}, {"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"}, {"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"}, {"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:52:46.534Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40983", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:21.167Z", "dateReserved": "2024-07-12T12:17:45.604Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:33:57.263Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: forzar un refcount dst antes de realizar el descifrado como dice en el commit 3bc07321ccc2 (\"xfrm: forzar un refcount dst antes de ingresar los controladores de tipo xfrm\"): \"Las solicitudes criptogr\u00e1ficas pueden regresar as\u00edncronas En este caso, salimos de la regi\u00f3n protegida de rcu, as\u00ed que fuercemos un recuento en la entrada de destino del skb antes de ingresar los controladores de entrada/salida de tipo xfrm. En la ruta de descifrado TIPC tiene el mismo problema, y se debe llamar a skb_dst_force() antes de realizar el descifrado para evitar un posible bloqueo. Shuang inform\u00f3 este problema cuando se activa esta advertencia: [] ADVERTENCIA: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Kdump: cargado Contaminado: GW --------- - - 4.18.0-496.el8.x86_64+debug [] Cola de trabajo: crypto cryptd_queue_worker [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Seguimiento de llamadas: [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc] [] tipc_rcv+ 0xcf5/0x1060 [tipc] [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc] [] cryptd_aead_crypt+0xdb/0x190 [] cryptd_queue_worker+0xed/0x190 [] Process_one_work+0x93d/0x17e0"}], "id": "CVE-2024-40983", "lastModified": "2024-11-21T09:32:00.260", "metrics": {}, "published": "2024-07-12T13:15:19.893", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:8870", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8856", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.27.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:6267", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.82.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6268", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-04T00:00:00Z"}], "bugzilla": {"description": "kernel: tipc: force a dst refcount before doing decryption", "id": "2297567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297567"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-911", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntipc: force a dst refcount before doing decryption\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\"Crypto requests might return asynchronous. In this case we leave the\nrcu protected region, so force a refcount on the skb's destination\nentry before we enter the xfrm type input/output handlers.\"\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\nShuang reported this issue when this warning is triggered:\n[] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n[] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n[] Workqueue: crypto cryptd_queue_worker\n[] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n[] Call Trace:\n[] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n[] tipc_rcv+0xcf5/0x1060 [tipc]\n[] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n[] cryptd_aead_crypt+0xdb/0x190\n[] cryptd_queue_worker+0xed/0x190\n[] process_one_work+0x93d/0x17e0"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40983", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40983\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40983\nhttps://lore.kernel.org/linux-cve-announce/2024071201-CVE-2024-40983-e1b1@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.221, kernel 5.15.162, kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc5"}