CVE-2024-26633 — Improper Input Validation in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 18
Latest updateDec 10
Description
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.
Reading frag_off can only be done if we pulled enough bytes
to skb->head. Currently we might access garbage.
[1]
BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0x…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxfbfa743a9d2a0ffa24251764f10afc13eb21e739 — 135414f300c5db995e2a2f3bf0f455de9d014aee+15
Also affects: Debian Linux 10.0, Ontap Tools 9
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-pp36-2qc2-w4hw: In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot↗2024-03-18
OSV▶
CVE-2024-26633: In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot po↗2024-03-18
📋Vendor Advisories
19💬Community
1Bugzilla▶
CVE-2024-26633 kernel: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()↗2024-03-18