{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.607Z", "datePublished": "2024-07-12T12:37:38.454Z", "dateUpdated": "2024-09-11T17:34:19.679Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:53:01.968Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid splat in pskb_pull_reason\n\nsyzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug\nhint in pskb_may_pull.\n\nWe'd like to retain this debug check because it might hint at integer\noverflows and other issues (kernel code should pull headers, not huge\nvalue).\n\nIn bpf case, this splat isn't interesting at all: such (nonsensical)\nbpf programs are typically generated by a fuzzer anyway.\n\nDo what Eric suggested and suppress such warning.\n\nFor CONFIG_DEBUG_NET=n we don't need the extra check because\npskb_may_pull will do the right thing: return an error without the\nWARN() backtrace."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/filter.c"], "versions": [{"version": "8af60bb2b215", "lessThan": "dacc15e9cb24", "status": "affected", "versionType": "git"}, {"version": "1b2b26595bb0", "lessThan": "7f9644782c55", "status": "affected", "versionType": "git"}, {"version": "219eee9c0d16", "lessThan": "5e90258303a3", "status": "affected", "versionType": "git"}, {"version": "219eee9c0d16", "lessThan": "2bbe3e5a2f4e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/filter.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761"}, {"url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866"}, {"url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a"}, {"url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080"}], "title": "bpf: Avoid splat in pskb_pull_reason", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.075Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:32.111725Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:19.679Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.607Z", "datePublished": "2024-07-12T12:37:38.454Z", "dateUpdated": "2024-08-02T04:39:56.075Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:53:01.968Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid splat in pskb_pull_reason\n\nsyzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug\nhint in pskb_may_pull.\n\nWe'd like to retain this debug check because it might hint at integer\noverflows and other issues (kernel code should pull headers, not huge\nvalue).\n\nIn bpf case, this splat isn't interesting at all: such (nonsensical)\nbpf programs are typically generated by a fuzzer anyway.\n\nDo what Eric suggested and suppress such warning.\n\nFor CONFIG_DEBUG_NET=n we don't need the extra check because\npskb_may_pull will do the right thing: return an error without the\nWARN() backtrace."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/filter.c"], "versions": [{"version": "8af60bb2b215", "lessThan": "dacc15e9cb24", "status": "affected", "versionType": "git"}, {"version": "1b2b26595bb0", "lessThan": "7f9644782c55", "status": "affected", "versionType": "git"}, {"version": "219eee9c0d16", "lessThan": "5e90258303a3", "status": "affected", "versionType": "git"}, {"version": "219eee9c0d16", "lessThan": "2bbe3e5a2f4e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/filter.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761"}, {"url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866"}, {"url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a"}, {"url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080"}], "title": "bpf: Avoid splat in pskb_pull_reason", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:32.111725Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:22.021Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "57BC82B2-9518-4E49-8B35-1E0659D07153", "versionEndExcluding": "6.1.96", "versionStartIncluding": "6.1.86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "11D787AB-6330-424C-8EDA-145219D31344", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.6.27", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1833E4E3-20C1-46FE-BE78-1FA23B2452C0", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid splat in pskb_pull_reason\n\nsyzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug\nhint in pskb_may_pull.\n\nWe'd like to retain this debug check because it might hint at integer\noverflows and other issues (kernel code should pull headers, not huge\nvalue).\n\nIn bpf case, this splat isn't interesting at all: such (nonsensical)\nbpf programs are typically generated by a fuzzer anyway.\n\nDo what Eric suggested and suppress such warning.\n\nFor CONFIG_DEBUG_NET=n we don't need the extra check because\npskb_may_pull will do the right thing: return an error without the\nWARN() backtrace."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: evitar splat en pskb_pull_reason compilaciones de syzkaller (CONFIG_DEBUG_NET=y) frecuentemente activa una sugerencia de depuraci\u00f3n en pskb_may_pull. Nos gustar\u00eda conservar esta verificaci\u00f3n de depuraci\u00f3n porque podr\u00eda indicar desbordamientos de enteros y otros problemas (el c\u00f3digo del kernel debe extraer encabezados, no valores enormes). En el caso de bpf, este s\u00edmbolo no es nada interesante: estos programas bpf (sin sentido) normalmente son generados por un fuzzer de todos modos. Haga lo que Eric sugiri\u00f3 y suprima esa advertencia. Para CONFIG_DEBUG_NET=n no necesitamos la verificaci\u00f3n adicional porque pskb_may_pull har\u00e1 lo correcto: devolver un error sin el rastreo WARN()."}], "id": "CVE-2024-40996", "lastModified": "2024-08-21T16:36:14.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:20.740", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2bbe3e5a2f4ef69d13be54f1cf895b4658287080"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e90258303a358e88737afb5048bee9113beea3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f9644782c559635bd676c12c59389a34ed7c866"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dacc15e9cb248d19e5fc63c54bef0b9b55007761"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bpf: Avoid splat in pskb_pull_reason", "id": "2297580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297580"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Avoid splat in pskb_pull_reason\nsyzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug\nhint in pskb_may_pull.\nWe'd like to retain this debug check because it might hint at integer\noverflows and other issues (kernel code should pull headers, not huge\nvalue).\nIn bpf case, this splat isn't interesting at all: such (nonsensical)\nbpf programs are typically generated by a fuzzer anyway.\nDo what Eric suggested and suppress such warning.\nFor CONFIG_DEBUG_NET=n we don't need the extra check because\npskb_may_pull will do the right thing: return an error without the\nWARN() backtrace.", "A vulnerability found in the Linux kernel\u2019s bpf subsystem, involving a frequent warning (splat) in pskb_may_pull during syzkaller builds (CONFIG_DEBUG_NET=y), has been resolved. The warning, caused by nonsensical BPF programs generated by fuzzers, was suppressed as it provided no useful information. For non-debug builds (CONFIG_DEBUG_NET=n), the check is unnecessary, as pskb_may_pull handles errors without triggering warnings."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40996", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40996\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40996\nhttps://lore.kernel.org/linux-cve-announce/2024071251-CVE-2024-40996-3e04@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc5"}