CVE-2024-35901
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35901
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35901.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35901
- Related
- Published
- 2024-05-19T09:15:10Z
- Modified
- 2024-09-18T03:26:19.503851Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix Rx DMA datasize and skboverpanic
managetrxbufcfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skbover_panic.
Sample dmesg: [ 5325.237162] skbuff: skboverpanic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<NULL> [ 5325.243689] ------------[ cut here ]------------ [ 5325.245748] kernel BUG at net/core/skbuff.c:192! [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 5325.258374] RIP: 0010:skbpanic+0x4f/0x60 [ 5325.302941] Call Trace: [ 5325.304389] <IRQ> [ 5325.315794] ? skbpanic+0x4f/0x60 [ 5325.317457] ? asmexcinvalidop+0x1f/0x30 [ 5325.319490] ? skbpanic+0x4f/0x60 [ 5325.321161] skbput+0x4e/0x50 [ 5325.322670] manapoll+0x6fa/0xb50 [mana] [ 5325.324578] _napipoll+0x33/0x1e0 [ 5325.326328] netrxaction+0x12e/0x280
As discussed internally, this alignment is not necessary. To fix this bug, remove it from the code. So oversized packets will be marked as CQERXTRUNCATED by NIC, and dropped.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.9-1