Information on CVE-2024-42083
ionic: fix kernel panic due to multi-buffer handling
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-42083
Description: “In the Linux kernel, a vulnerability has been resolved in which the ionic driver causes a kernel panic due to multi-buffer handling. Ionic’s `ionic_run_xdp()` doesn’t properly handle XDP_TX and XDP_REDIRECT packets with multi-buffer. Currently, `ionic_run_xdp()` first creates an `xdp` frame with all necessary pages in the `rx` descriptor. If the action is either XDP_TX or XDP_REDIRECT, it should unmap the DMA mapping and reset the page pointers to NULL for all pages, not just the first. It does not do so for SG pages, so SG pages are unexpectedly reused. This causes a kernel panic. The issue is a general protection fault, likely related to an invalid address (0x504f4e4dbebc64ff). The CPU is 3, the PID is 0, Comm is swapper/3, and the system is running kernel version 6.10.0-rc3+. The call trace shows the `ionic_run_xdp` function call.”
Attack vector
CVSS score
CVSS is a scoring system that measures the severity of a software vulnerability, taking into account factors such as potential impact, likelihood of attack and ease of execution.
Summary: .
Vector details
Metric | Value | Meaning | Description |
---|---|---|---|
External references
- https://git.kernel.org/stable/c/8ae401525ae84228a8986bb369224a6224e4d22f
- https://git.kernel.org/stable/c/e3f02f32a05009a688a87f5799e049ed6b55bab5
Affected products
- Linux – Linux
- Linux – Linux
Relationships with other products
Vendor: Linux
Product: Linux
Year: 2024
CWE:
CVSS: 0.0