{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41081", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.633Z", "datePublished": "2024-07-29T15:04:18.459Z", "dateUpdated": "2024-09-11T17:33:59.351Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T15:04:18.459Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ila/ila_lwt.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "7435bd2f84a2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "96103371091c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a0cafb7b0b94", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "feac2391e26b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b4eb25a3d70d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "522c3336c202", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9f9c79d8e527", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cf28ff8e4c02", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ila/ila_lwt.c"], "versions": [{"version": "4.19.319", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.281", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.223", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.164", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.101", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.42", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.11", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da"}, {"url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a"}, {"url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a"}, {"url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830"}, {"url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f"}, {"url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316"}, {"url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c"}, {"url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c"}], "title": "ila: block BH in ila_output()", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.185Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:05.349089Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:59.351Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.185Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:05.349089Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.999Z"}}], "cna": {"title": "ila: block BH in ila_output()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "7435bd2f84a2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "96103371091c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a0cafb7b0b94", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "feac2391e26b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b4eb25a3d70d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "522c3336c202", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9f9c79d8e527", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cf28ff8e4c02", "versionType": "git"}], "programFiles": ["net/ipv6/ila/ila_lwt.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.319", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.281", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.223", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.164", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.101", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.42", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.11", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv6/ila/ila_lwt.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da"}, {"url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a"}, {"url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a"}, {"url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830"}, {"url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f"}, {"url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316"}, {"url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c"}, {"url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T15:04:18.459Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41081", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:59.351Z", "dateReserved": "2024-07-12T12:17:45.633Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T15:04:18.459Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: bloquear BH en ila_output() Como se explica en la confirmaci\u00f3n 1378817486d6 (\"tipc: bloquear BH antes de usar dst_cache\"), los ayudantes net/core/dst_cache.c deben llamarse con BH desactivado. ila_output() se llama desde lwtunnel_output() posiblemente desde el contexto del proceso y bajo rcu_read_lock(). Podr\u00edamos ser interrumpidos por un softirq, volver a ingresar a ila_output() y da\u00f1ar las estructuras de datos dst_cache. Arregle la carrera usando local_bh_disable()."}], "id": "CVE-2024-41081", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:15.593", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ila: block BH in ila_output()", "id": "2300458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300458"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nila: block BH in ila_output()\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\nFix the race by using local_bh_disable().", "A race condition flaw was found in the Linux kernel's IP Last Anomaly (ILA) subsystem. This issue occurs when the `ila_output()` function, called from `lwtunnel_output()` in process context and under RCU read lock, could be interrupted by a softirq, leading to potential corruption of `dst_cache` data structures."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41081", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41081\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41081\nhttps://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41081-2552@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.319, kernel 5.4.281, kernel 5.10.223, kernel 5.15.164, kernel 6.1.101, kernel 6.6.42, kernel 6.9.11, kernel 6.10"}