CVE-2024-26665Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read26 documents7 sources
Severity
7.1HIGHNVD
OSV7.0OSV6.5
EPSS
0.0%
top 98.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 2
Latest updateAug 2

Description

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

NVDlinux/linux_kernel5.95.10.210+5
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.15.0-106.116
CVEListV5linux/linux4cb47a8644cc9eb8ec81190a50e79e6530d0297fe77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d+6
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-oem-6.5 vulnerabilities2024-08-02
OSV
linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities2024-07-19
OSV
linux-hwe-6.5 vulnerabilities2024-07-17
OSV
linux-azure-6.5, linux-gcp-6.5 vulnerabilities2024-07-16
OSV
linux, linux-gcp, linux-nvidia-6.5, linux-raspi vulnerabilities2024-07-12

📋Vendor Advisories

12
Ubuntu
Linux kernel vulnerabilities2024-08-02
Ubuntu
Linux kernel vulnerabilities2024-07-19
Ubuntu
Linux kernel vulnerabilities2024-07-17
Ubuntu
Linux kernel vulnerabilities2024-07-16
Ubuntu
Linux kernel vulnerabilities2024-07-12

💬Community

1
Bugzilla
CVE-2024-26665 kernel: tunnels: fix out of bounds access when building IPv6 PMTU error2024-04-02