NVD Vulnerability Detail

CVE-2024-45001

Summary	In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment is affected by the alloc_size passed into napi_build_skb(). The size needs to be aligned properly for better performance and atomic operations. Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic operations may panic on the skb_shinfo(skb)->dataref due to alignment fault. To fix this bug, add proper alignment to the alloc_size calculation. Sample panic info: [ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce [ 253.300900] Mem abort info: [ 253.301760] ESR = 0x0000000096000021 [ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits [ 253.304268] SET = 0, FnV = 0 [ 253.305172] EA = 0, S1PTW = 0 [ 253.306103] FSC = 0x21: alignment fault Call trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0
Publication Date	Sept. 5, 2024, 5:15 a.m.
Registration Date	Sept. 5, 2024, noon
Last Update	Oct. 9, 2024, 11:49 p.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.10.7
cpe:2.3:o:linux:linux_kernel::::::::	6.4			6.6.48

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa	Patch
2	https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf	Patch
3	https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc	Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 12, 2024, midnight
Registration Date	Oct. 10, 2024, 11:50 a.m.
Last Update	Oct. 10, 2024, 11:50 a.m.

Affected System

Linux

Linux Kernel 6.11

Linux Kernel 6.4 以上 6.6.48 未満

Linux Kernel 6.7 以上 6.10.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-45001	https://www.cve.org/CVERecord?id=CVE-2024-45001
National Vulnerability Database (NVD)
2	CVE-2024-45001	https://nvd.nist.gov/vuln/detail/CVE-2024-45001

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	net: mana: Fix RX buf alloc_size alignment and atomic op panic (32316f6)	https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc
2	net: mana: Fix RX buf alloc_size alignment and atomic op panic (65f20b1)	https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa
3	net: mana: Fix RX buf alloc_size alignment and atomic op panic (e6bea6a)	https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf
Linux Kernel
4	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月10日] 掲載	Oct. 10, 2024, 9:53 a.m.