{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56647", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-27T15:00:39.840Z", "datePublished": "2024-12-27T15:02:47.969Z", "dateUpdated": "2025-05-04T10:00:58.215Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:00:58.215Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n <IRQ>\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/icmp.c"], "versions": [{"version": "8b7817f3a959ed99d7443afc12f78a7e1fcc2063", "lessThan": "9545011e7b2a8fc0cbd6e387a09f12cd41d7d82f", "status": "affected", "versionType": "git"}, {"version": "8b7817f3a959ed99d7443afc12f78a7e1fcc2063", "lessThan": "c44daa7e3c73229f7ac74985acb8c7fb909c4e0a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/icmp.c"], "versions": [{"version": "2.6.25", "status": "affected"}, {"version": "0", "lessThan": "2.6.25", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.5", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.12.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9545011e7b2a8fc0cbd6e387a09f12cd41d7d82f"}, {"url": "https://git.kernel.org/stable/c/c44daa7e3c73229f7ac74985acb8c7fb909c4e0a"}], "title": "net: Fix icmp host relookup triggering ip_rt_bug", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9393D06-5F2B-4F68-B5D5-C0819E4C7197", "versionEndExcluding": "6.12.5", "versionStartIncluding": "2.6.25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n <IRQ>\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: ADVERTENCIA: CPU: 0 PID: 0 en net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 M\u00f3dulos vinculados en: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 No contaminado 6.12.0-rc6-00077-g2e1b3cc9d7f7 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Seguimiento de llamadas: ip_send_skb+0x14/0x40 __icmp_send+0x42d/0x6a0 error de enlace ipv4+0xe2/0x1d0 informe de error arp+0x3c/0x50 invalidaci\u00f3n vecinal+0x8d/0x100 controlador de temporizador vecinal+0x2e1/0x330 funci\u00f3n de temporizador de llamada+0x21/0x120 __base de temporizador de ejecuci\u00f3n.parte.0+0x1c9/0x270 temporizador de ejecuci\u00f3n softirq+0x4c/0x80 controlador de softirqs+0xac/0x280 irq_exit_rcu+0x62/0x80 sysvec_apic_timer_interrupt+0x77/0x90 El script a continuaci\u00f3n reproduce este escenario: ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\ dir out priority 0 ptype main flag localok icmp ip la veth1 type veth ip aa 192.168.141.111/24 dev veth0 ip ls veth0 up ping 192.168.141.155 -c 1 icmp_route_lookup() crea rutas de entrada para paquetes generados localmente mientras xfrm vuelve a buscar tr\u00e1fico ICMP. Luego, establecer\u00e1 la ruta de entrada (dst-&gt;out = ip_rt_bug) en skb para DESTUNREACH. Para el error ICMP activado por paquetes generados localmente, dst-&gt;dev de la ruta de salida es loopback. En general, no se requiere la verificaci\u00f3n de reb\u00fasqueda de xfrm en interfaces de bucle invertido (net.ipv4.conf.lo.disable_xfrm = 1). Omita la reb\u00fasqueda de ICMP para paquetes generados localmente para solucionarlo."}], "id": "CVE-2024-56647", "lastModified": "2025-01-06T19:45:53.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T15:15:24.467", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9545011e7b2a8fc0cbd6e387a09f12cd41d7d82f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c44daa7e3c73229f7ac74985acb8c7fb909c4e0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: net: Fix icmp host relookup triggering ip_rt_bug", "id": "2334561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334561"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: Fix icmp host relookup triggering ip_rt_bug\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n<IRQ>\nip_send_skb+0x14/0x40\n__icmp_send+0x42d/0x6a0\nipv4_link_failure+0xe2/0x1d0\narp_error_report+0x3c/0x50\nneigh_invalidate+0x8d/0x100\nneigh_timer_handler+0x2e1/0x330\ncall_timer_fn+0x21/0x120\n__run_timer_base.part.0+0x1c9/0x270\nrun_timer_softirq+0x4c/0x80\nhandle_softirqs+0xac/0x280\nirq_exit_rcu+0x62/0x80\nsysvec_apic_timer_interrupt+0x77/0x90\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\ndir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\nSkip icmp relookup for locally generated packets to fix it.", "A denial of service vulnerability was found in the Linux kernel. icmp_route_lookup() creates input routes for locally generated packets during xfrm relookup ICMP traffic. Then it will set the input route (dst->out = ip_rt_bug) to skb for DESTUNREACH, leading to loss of availability of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-56647", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56647\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56647\nhttps://lore.kernel.org/linux-cve-announce/2024122738-CVE-2024-56647-d71f@gregkh/T"], "threat_severity": "Moderate"}

{}