CVE-2024-27013

Summary

In the Linux kernel, the following vulnerability has been resolved:

tun: limit printing rate when illegal packet received by tun dev

vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected.

net_ratelimit mechanism can be used to limit the dumping rate.

PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e #3 [fffffe00003fced0] do_nmi at ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in at ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 #10 [ffffa65531497ac8] console_unlock at ffffffff89316124 #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 #12 [ffffa65531497b68] printk at ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread at ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 68459b8e3ee554ce71878af9eb69659b9462c588affected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 4b0dcae5c4797bf31c63011ed62917210d3fdac3affected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 14cdb43dbc827e18ac7d5b30c5b4c676219f1421affected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < a50dbeca28acf7051dfa92786b85f704c75db6ebaffected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 62e27ef18eb4f0d33bbae8e9ef56b99696a74713affected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 40f4ced305c6c47487d3cd8da54676e2acc1a6adaffected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < 52854101180beccdb9dc2077a3bea31b6ad48dfaaffected
LinuxLinuxef3db4a5954281bc1ea49a4739c88eaea091dc71 < f8bbc07ac535593139c875ffa19af924b1084540affected
LinuxLinux2.6.35affected
LinuxLinux0 < 2.6.35unaffected
LinuxLinux4.19.313 <= 4.19.*unaffected
LinuxLinux5.4.275 <= 5.4.*unaffected
LinuxLinux5.10.216 <= 5.10.*unaffected
LinuxLinux5.15.157 <= 5.15.*unaffected
LinuxLinux6.1.88 <= 6.1.*unaffected
LinuxLinux6.6.29 <= 6.6.*unaffected
LinuxLinux6.8.8 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References