5.5

CVE-2024-27431

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

When running an XDP program that is attached to a cpumap entry, we don't
initialise the xdp_rxq_info data structure being used in the xdp_buff
that backs the XDP program invocation. Tobias noticed that this leads to
random values being returned as the xdp_md->rx_queue_index value for XDP
programs running in a cpumap.

This means we're basically returning the contents of the uninitialised
memory, which is bad. Fix this by zero-initialising the rxq data
structure before running the XDP program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.9 < 5.10.213
LinuxLinux Kernel Version >= 5.11 < 5.15.152
LinuxLinux Kernel Version >= 5.16 < 6.1.82
LinuxLinux Kernel Version >= 6.2 < 6.6.22
LinuxLinux Kernel Version >= 6.7 < 6.7.10
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
LinuxLinux Kernel Version6.8 Updaterc6
LinuxLinux Kernel Version6.8 Updaterc7
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.127
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5
Patch
https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95
Patch
https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297
Patch
https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6
Patch
https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b
Patch
https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html