CVE-2024-40996

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid splat in pskb_pull_reason

syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull.

We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value).

In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway.

Do what Eric suggested and suppress such warning.

For CONFIG_DEBUG_NET=n we don't need the extra check because pskb_may_pull will do the right thing: return an error without the WARN() backtrace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8af60bb2b215f478b886f1d6d302fefa7f0b917d < dacc15e9cb248d19e5fc63c54bef0b9b55007761affected
LinuxLinux1b2b26595bb09febf14c5444c873ac4ec90a5a77 < 7f9644782c559635bd676c12c59389a34ed7c866affected
LinuxLinux219eee9c0d16f1b754a8b85275854ab17df0850a < 5e90258303a358e88737afb5048bee9113beea3aaffected
LinuxLinux219eee9c0d16f1b754a8b85275854ab17df0850a < 2bbe3e5a2f4ef69d13be54f1cf895b4658287080affected
LinuxLinuxfff05b2b004d9a8a2416d08647f3dc9068e357c8affected
LinuxLinux6.1.86 < 6.1.96affected
LinuxLinux6.6.27 < 6.6.36affected
LinuxLinux6.8.6 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.1.96 <= 6.1.*unaffected
LinuxLinux6.6.36 <= 6.6.*unaffected
LinuxLinux6.9.7 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References