First published: Wed Apr 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneve_rx() syzbot triggered a bug in geneve_rx() [1] Issue is similar to the one I fixed in commit 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. [1] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline] BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] geneve_rx drivers/net/geneve.c:279 [inline] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346 __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice.h:3171 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
debian/linux | 5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1 | |
ubuntu/linux | <4.15.0-227.239 | 4.15.0-227.239 |
ubuntu/linux | <5.4.0-189.209 | 5.4.0-189.209 |
ubuntu/linux | <5.15.0-112.122 | 5.15.0-112.122 |
ubuntu/linux | <6.8 | 6.8 |
ubuntu/linux | <4.4.0-257.291 | 4.4.0-257.291 |
ubuntu/linux-aws | <4.15.0-1170.183 | 4.15.0-1170.183 |
ubuntu/linux-aws | <5.4.0-1128.138 | 5.4.0-1128.138 |
ubuntu/linux-aws | <5.15.0-1063.69 | 5.15.0-1063.69 |
ubuntu/linux-aws | <4.4.0-1134.140 | 4.4.0-1134.140 |
ubuntu/linux-aws | <6.8 | 6.8 |
ubuntu/linux-aws | <4.4.0-1172.187 | 4.4.0-1172.187 |
ubuntu/linux-aws-5.15 | <5.15.0-1063.69~20.04.1 | 5.15.0-1063.69~20.04.1 |
ubuntu/linux-aws-5.15 | <6.8 | 6.8 |
ubuntu/linux-aws-5.4 | <6.8 | 6.8 |
ubuntu/linux-aws-6.5 | <6.8 | 6.8 |
ubuntu/linux-aws-fips | <6.8 | 6.8 |
ubuntu/linux-aws-hwe | <6.8 | 6.8 |
ubuntu/linux-aws-hwe | <4.15.0-1170.183~16.04.1 | 4.15.0-1170.183~16.04.1 |
ubuntu/linux-azure | <5.4.0-1133.140 | 5.4.0-1133.140 |
ubuntu/linux-azure | <5.15.0-1066.75 | 5.15.0-1066.75 |
ubuntu/linux-azure | <4.15.0-1179.194~14.04.1 | 4.15.0-1179.194~14.04.1 |
ubuntu/linux-azure | <6.8 | 6.8 |
ubuntu/linux-azure-4.15 | <4.15.0-1179.194 | 4.15.0-1179.194 |
ubuntu/linux-azure-4.15 | <6.8 | 6.8 |
ubuntu/linux-azure-5.15 | <6.8 | 6.8 |
ubuntu/linux-azure-5.4 | <5.4.0-1133.140~18.04.1 | 5.4.0-1133.140~18.04.1 |
ubuntu/linux-azure-5.4 | <6.8 | 6.8 |
ubuntu/linux-azure-6.5 | <6.8 | 6.8 |
ubuntu/linux-azure-fde | <5.15.0-1067.76.1 | 5.15.0-1067.76.1 |
ubuntu/linux-azure-fde | <6.8 | 6.8 |
ubuntu/linux-azure-fde-5.15 | <5.15.0-1065.74~20.04.1.1 | 5.15.0-1065.74~20.04.1.1 |
ubuntu/linux-azure-fde-5.15 | <6.8 | 6.8 |
ubuntu/linux-azure-fips | <6.8 | 6.8 |
ubuntu/linux-bluefield | <5.4.0-1088.95 | 5.4.0-1088.95 |
ubuntu/linux-bluefield | <6.8 | 6.8 |
ubuntu/linux-fips | <6.8 | 6.8 |
ubuntu/linux-gcp | <5.4.0-1132.141 | 5.4.0-1132.141 |
ubuntu/linux-gcp | <5.15.0-1062.70 | 5.15.0-1062.70 |
ubuntu/linux-gcp | <6.8 | 6.8 |
ubuntu/linux-gcp | <4.15.0-1164.181~16.04.1 | 4.15.0-1164.181~16.04.1 |
ubuntu/linux-gcp-4.15 | <4.15.0-1164.181 | 4.15.0-1164.181 |
ubuntu/linux-gcp-4.15 | <6.8 | 6.8 |
ubuntu/linux-gcp-5.15 | <5.15.0-1062.70~20.04.1 | 5.15.0-1062.70~20.04.1 |
ubuntu/linux-gcp-5.15 | <6.8 | 6.8 |
ubuntu/linux-gcp-5.4 | <5.4.0-1132.141~18.04.1 | 5.4.0-1132.141~18.04.1 |
ubuntu/linux-gcp-5.4 | <6.8 | 6.8 |
ubuntu/linux-gcp-6.5 | <6.8 | 6.8 |
ubuntu/linux-gcp-fips | <6.8 | 6.8 |
ubuntu/linux-gke | <5.15.0-1060.66 | 5.15.0-1060.66 |
ubuntu/linux-gke | <6.8 | 6.8 |
ubuntu/linux-gkeop | <5.4.0-1095.99 | 5.4.0-1095.99 |
ubuntu/linux-gkeop | <5.15.0-1046.53 | 5.15.0-1046.53 |
ubuntu/linux-gkeop | <6.8 | 6.8 |
ubuntu/linux-gkeop-5.15 | <5.15.0-1046.53~20.04.1 | 5.15.0-1046.53~20.04.1 |
ubuntu/linux-gkeop-5.15 | <6.8 | 6.8 |
ubuntu/linux-hwe | <6.8 | 6.8 |
ubuntu/linux-hwe | <4.15.0-227.239~16.04.1 | 4.15.0-227.239~16.04.1 |
ubuntu/linux-hwe-5.15 | <5.15.0-113.123~20.04.1 | 5.15.0-113.123~20.04.1 |
ubuntu/linux-hwe-5.15 | <6.8 | 6.8 |
ubuntu/linux-hwe-5.4 | <5.4.0-189.209~18.04.1 | 5.4.0-189.209~18.04.1 |
ubuntu/linux-hwe-5.4 | <6.8 | 6.8 |
ubuntu/linux-hwe-6.5 | <6.8 | 6.8 |
ubuntu/linux-ibm | <5.4.0-1075.80 | 5.4.0-1075.80 |
ubuntu/linux-ibm | <5.15.0-1056.59 | 5.15.0-1056.59 |
ubuntu/linux-ibm | <6.8 | 6.8 |
ubuntu/linux-ibm-5.15 | <5.15.0-1057.60~20.04.1 | 5.15.0-1057.60~20.04.1 |
ubuntu/linux-ibm-5.15 | <6.8 | 6.8 |
ubuntu/linux-ibm-5.4 | <5.4.0-1075.80~18.04.1 | 5.4.0-1075.80~18.04.1 |
ubuntu/linux-ibm-5.4 | <6.8 | 6.8 |
ubuntu/linux-intel | <6.8 | 6.8 |
ubuntu/linux-intel-iotg | <5.15.0-1058.64 | 5.15.0-1058.64 |
ubuntu/linux-intel-iotg | <6.8 | 6.8 |
ubuntu/linux-intel-iotg-5.15 | <5.15.0-1058.64~20.04.1 | 5.15.0-1058.64~20.04.1 |
ubuntu/linux-intel-iotg-5.15 | <6.8 | 6.8 |
ubuntu/linux-iot | <5.4.0-1040.41 | 5.4.0-1040.41 |
ubuntu/linux-iot | <6.8 | 6.8 |
ubuntu/linux-kvm | <4.15.0-1154.159 | 4.15.0-1154.159 |
ubuntu/linux-kvm | <5.4.0-1116.123 | 5.4.0-1116.123 |
ubuntu/linux-kvm | <5.15.0-1060.65 | 5.15.0-1060.65 |
ubuntu/linux-kvm | <6.8 | 6.8 |
ubuntu/linux-kvm | <4.4.0-1135.145 | 4.4.0-1135.145 |
ubuntu/linux-laptop | <6.8 | 6.8 |
ubuntu/linux-lowlatency | <5.15.0-110.120 | 5.15.0-110.120 |
ubuntu/linux-lowlatency | <6.8 | 6.8 |
ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-110.120~20.04.1 | 5.15.0-110.120~20.04.1 |
ubuntu/linux-lowlatency-hwe-5.15 | <6.8 | 6.8 |
ubuntu/linux-lowlatency-hwe-6.5 | <6.8 | 6.8 |
ubuntu/linux-lts-xenial | <4.4.0-257.291~14.04.1 | 4.4.0-257.291~14.04.1 |
ubuntu/linux-lts-xenial | <6.8 | 6.8 |
ubuntu/linux-nvidia | <5.15.0-1058.59 | 5.15.0-1058.59 |
ubuntu/linux-nvidia | <6.8 | 6.8 |
ubuntu/linux-nvidia-6.5 | <6.8 | 6.8 |
ubuntu/linux-nvidia-6.8 | <6.8 | 6.8 |
ubuntu/linux-nvidia-lowlatency | <6.8 | 6.8 |
ubuntu/linux-oem-6.5 | <6.8 | 6.8 |
ubuntu/linux-oem-6.8 | <6.8 | 6.8 |
ubuntu/linux-oracle | <4.15.0-1133.144 | 4.15.0-1133.144 |
ubuntu/linux-oracle | <5.4.0-1127.136 | 5.4.0-1127.136 |
ubuntu/linux-oracle | <5.15.0-1061.67 | 5.15.0-1061.67 |
ubuntu/linux-oracle | <6.8 | 6.8 |
ubuntu/linux-oracle | <4.15.0-1133.144~16.04.1 | 4.15.0-1133.144~16.04.1 |
ubuntu/linux-oracle-5.15 | <6.8 | 6.8 |
ubuntu/linux-oracle-5.4 | <5.4.0-1127.136~18.04.1 | 5.4.0-1127.136~18.04.1 |
ubuntu/linux-oracle-5.4 | <6.8 | 6.8 |
ubuntu/linux-oracle-6.5 | <6.8 | 6.8 |
ubuntu/linux-raspi | <5.4.0-1112.124 | 5.4.0-1112.124 |
ubuntu/linux-raspi | <5.15.0-1058.61 | 5.15.0-1058.61 |
ubuntu/linux-raspi | <6.8 | 6.8 |
ubuntu/linux-raspi-5.4 | <6.8 | 6.8 |
ubuntu/linux-riscv | <6.8 | 6.8 |
ubuntu/linux-riscv-5.15 | <5.15.0-1059.63~20.04.1 | 5.15.0-1059.63~20.04.1 |
ubuntu/linux-riscv-5.15 | <6.8 | 6.8 |
ubuntu/linux-riscv-6.5 | <6.8 | 6.8 |
ubuntu/linux-starfive | <6.8 | 6.8 |
ubuntu/linux-starfive-6.5 | <6.8 | 6.8 |
ubuntu/linux-xilinx-zynqmp | <5.4.0-1047.51 | 5.4.0-1047.51 |
ubuntu/linux-xilinx-zynqmp | <5.15.0-1030.34 | 5.15.0-1030.34 |
ubuntu/linux-xilinx-zynqmp | <6.8 | 6.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)