5.5
CVE-2024-40983
- EPSS 0.29%
- Veröffentlicht 12.07.2024 13:15:19
- Zuletzt bearbeitet 03.11.2025 22:17:20
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
tipc: force a dst refcount before doing decryption
In the Linux kernel, the following vulnerability has been resolved:
tipc: force a dst refcount before doing decryption
As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
entering the xfrm type handlers"):
"Crypto requests might return asynchronous. In this case we leave the
rcu protected region, so force a refcount on the skb's destination
entry before we enter the xfrm type input/output handlers."
On TIPC decryption path it has the same problem, and skb_dst_force()
should be called before doing decryption to avoid a possible crash.
Shuang reported this issue when this warning is triggered:
[] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
[] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
[] Workqueue: crypto cryptd_queue_worker
[] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
[] Call Trace:
[] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
[] tipc_rcv+0xcf5/0x1060 [tipc]
[] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
[] cryptd_aead_crypt+0xdb/0x190
[] cryptd_queue_worker+0xed/0x190
[] process_one_work+0x93d/0x17e0Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.221
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.162
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.96
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.36
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.7
Linux ≫ Linux Kernel Version6.10 Updaterc1
Linux ≫ Linux Kernel Version6.10 Updaterc2
Linux ≫ Linux Kernel Version6.10 Updaterc3
Linux ≫ Linux Kernel Version6.10 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.21 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269
https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8
https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2
https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930
https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76
https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html