CVE-2024-26633 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms ---truncated---

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Netapp	9500 9500 Firmware A150 A150 Firmware A1k A1k Firmware A220 A220 Firmware A70 A70 Firmware A800 A800 Firmware A90 A900 A900 Firmware A90 Firmware C190 C190 Firmware C800 C800 Firmware Fas2720 Fas2720 Firmware Fas2750 Fas2750 Firmware Fas2820 Fas2820 Firmware H610c H610c Firmware H610s H610s Firmware H615c H615c Firmware Ontap Select Deploy Administration Utility Ontap Tools
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::

Configuration 4 [-]

AND

cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.13.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2394	2024-04-30T00:00:00Z
kernel-0:5.14.0-427.13.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:2394	2024-04-30T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee
https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c
https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d
https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2
https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183
https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087
https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198
https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/20240318100758.2828621-16-lee@kernel.org/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26633
https://security.netapp.com/advisory/ntap-20241220-0001/
https://www.cve.org/CVERecord?id=CVE-2024-26633

History

Fri, 04 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp 9500 Netapp 9500 Firmware Netapp a150 Netapp a150 Firmware Netapp a1k Netapp a1k Firmware Netapp a220 Netapp a220 Firmware Netapp a70 Netapp a70 Firmware Netapp a800 Netapp a800 Firmware Netapp a90 Netapp a900 Netapp a900 Firmware Netapp a90 Firmware Netapp c190 Netapp c190 Firmware Netapp c800 Netapp c800 Firmware Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware Netapp ontap Select Deploy Administration Utility Netapp ontap Tools
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere:: cpe:2.3:h:netapp:9500:::::::: cpe:2.3:h:netapp:a150:::::::: cpe:2.3:h:netapp:a1k:::::::: cpe:2.3:h:netapp:a220:::::::: cpe:2.3:h:netapp:a70:::::::: cpe:2.3:h:netapp:a800:::::::: cpe:2.3:h:netapp:a900:::::::: cpe:2.3:h:netapp:a90:::::::: cpe:2.3:h:netapp:c190:::::::: cpe:2.3:h:netapp:c800:::::::: cpe:2.3:h:netapp:fas2720:::::::: cpe:2.3:h:netapp:fas2750:::::::: cpe:2.3:h:netapp:fas2820:::::::: cpe:2.3:h:netapp:h610c:::::::: cpe:2.3:h:netapp:h610s:::::::: cpe:2.3:h:netapp:h615c:::::::: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:netapp:9500_firmware:-:::::::* cpe:2.3:o:netapp:a150_firmware:-:::::::* cpe:2.3:o:netapp:a1k_firmware:-:::::::* cpe:2.3:o:netapp:a220_firmware:-:::::::* cpe:2.3:o:netapp:a70_firmware:-:::::::* cpe:2.3:o:netapp:a800_firmware:-:::::::* cpe:2.3:o:netapp:a900_firmware:-:::::::* cpe:2.3:o:netapp:a90_firmware:-:::::::* cpe:2.3:o:netapp:c190_firmware:-:::::::* cpe:2.3:o:netapp:c800_firmware:-:::::::* cpe:2.3:o:netapp:fas2720_firmware:-:::::::* cpe:2.3:o:netapp:fas2750_firmware:-:::::::* cpe:2.3:o:netapp:fas2820_firmware:-:::::::* cpe:2.3:o:netapp:h610c_firmware:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::*
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel Netapp Netapp 9500 Netapp 9500 Firmware Netapp a150 Netapp a150 Firmware Netapp a1k Netapp a1k Firmware Netapp a220 Netapp a220 Firmware Netapp a70 Netapp a70 Firmware Netapp a800 Netapp a800 Firmware Netapp a90 Netapp a900 Netapp a900 Firmware Netapp a90 Firmware Netapp c190 Netapp c190 Firmware Netapp c800 Netapp c800 Firmware Netapp fas2720 Netapp fas2720 Firmware Netapp fas2750 Netapp fas2750 Firmware Netapp fas2820 Netapp fas2820 Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware Netapp ontap Select Deploy Administration Utility Netapp ontap Tools

Fri, 20 Dec 2024 13:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20241220-0001/

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-18T10:07:49.468Z

Updated: 2024-12-20T13:06:42.426Z

Reserved: 2024-02-19T14:20:24.136Z

Link: CVE-2024-26633

Vulnrichment

Updated: 2024-12-20T13:06:42.426Z

NVD

Status : Analyzed

Published: 2024-03-18T11:15:09.867

Modified: 2025-04-04T14:49:01.373

Link: CVE-2024-26633

Redhat

Severity : Low

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2024-26633 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object