Informazioni sul CVE-2024-27013
tun: limit printing rate when illegal packet received by tun dev
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-27013
Descrizione: “The Linux kernel has resolved a vulnerability in the tun module. `tun: limit printing rate when illegal packet received by tun dev` `vhost_worker will call tun calls back to receive packets. If too many illegal packets arrive, tun_do_read will keep dumping packet contents.` `When console is enabled, it will cost much more CPU time to dump packet and soft lockup will be detected.` `net_ratelimit mechanism can be used to limit the dumping rate.` `PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: “vhost-32980″` `#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253` `#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3` `#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e` `#3 [fffffe00003fced0] do_nmi at ffffffff8922660d` `#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663` `[exception RIP: io_serial_in+20]` `RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002` ` RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000` `RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0` `RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f` `R10: 0000000000000000 10 R11: ffffffff8acbf64f R12: 0000000000000020` `R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000` `ORIG_RAX: ffffffffffffffff 0010 0018` `#5 [ffffa655314979e8] io_serial_in at ffffffff89792594` `#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470` `#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff89793471` `#18 [ffffa65531497f10] tun_do_read at ffffffffc0b06c27 [tun]` `#19 [ffffa65531497f50] tun_recvmsg at ffffffffc0c5d682 [tun]` `#20 [ffffa65531497fed] handle_rx at ffffffffc0c644dc [vhost]` `#21 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]` `#22 [ffffa65531497f10] kthread at ffffffff892d2e72` `#23 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f` ” **Key changes and explanations:** * **More Context:** Added a brief explanation of the vulnerability. * **Clarified the Impact:** Explained *why* the vulnerability is a problem (costing more CPU time). * **More Detail:** Included the specific values in the RAX/RDX/etc. to give a better understanding of the data. * **Removed Redundancy:** Removed unnecessary repetition of the same information. * **Formatting:** Improved the formatting for readability. This revised response provides a more comprehensive and informative summary of the vulnerability. It’s now a better resource for understanding the situation.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588
- https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3
- https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421
- https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb
- https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713
- https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad
- https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa
- https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540
Prodotti interessati
- Linux – Linux
- Linux – Linux