8.8
CVE-2024-47659
- EPSS 0.84%
- Veröffentlicht 09.10.2024 14:15:07
- Zuletzt bearbeitet 03.11.2025 23:16:13
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smack: tcp: ipv4, fix incorrect labeling
In the Linux kernel, the following vulnerability has been resolved:
smack: tcp: ipv4, fix incorrect labeling
Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
when a label 'foo' connects to a label 'bar' with tcp/ipv4,
'foo' always gets 'foo' in returned ipv4 packets. So,
1) returned packets are incorrectly labeled ('foo' instead of 'bar')
2) 'bar' can write to 'foo' without being authorized to write.
Here is a scenario how to see this:
* Take two machines, let's call them C and S,
with active Smack in the default state
(no settings, no rules, no labeled hosts, only builtin labels)
* At S, add Smack rule 'foo bar w'
(labels 'foo' and 'bar' are instantiated at S at this moment)
* At S, at label 'bar', launch a program
that listens for incoming tcp/ipv4 connections
* From C, at label 'foo', connect to the listener at S.
(label 'foo' is instantiated at C at this moment)
Connection succeedes and works.
* Send some data in both directions.
* Collect network traffic of this connection.
All packets in both directions are labeled with the CIPSO
of the label 'foo'. Hence, label 'bar' writes to 'foo' without
being authorized, and even without ever being known at C.
If anybody cares: exactly the same happens with DCCP.
This behavior 1st manifested in release 2.6.29.4 (see Fixes below)
and it looks unintentional. At least, no explanation was provided.
I changed returned packes label into the 'bar',
to bring it into line with the Smack documentation claims.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 4.19.322
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.284
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.226
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.167
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.109
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.50
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.9
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.53 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9
https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c
https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550
https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff
https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671
https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670
https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f
https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html