high
7.8
Advisory Published
CVE Published
Updated

CVE-2024-26882: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

First published: Wed Apr 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") 1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. syzbot reported: BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389 ipgre_rcv net/ipv4/ip_gre.c:411 [inline] gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447 gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 netif_receive_skb_internal net/core/dev.c:5734 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5793 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556 tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133 alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204 skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909 tun_build_skb drivers/net/tun.c:1686 [inline] tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Linux kernel>=3.10<5.4.273
Linux Linux kernel>=5.5<5.10.214
Linux Linux kernel>=5.11<5.15.153
Linux Linux kernel>=5.16<6.1.83
Linux Linux kernel>=6.2<6.6.23
Linux Linux kernel>=6.7<6.7.11
Linux Linux kernel>=6.8<6.8.2
debian/linux
5.10.218-1
5.10.221-1
6.1.94-1
6.1.99-1
6.9.10-1
6.9.12-1
ubuntu/linux<4.15.0-227.239
4.15.0-227.239
ubuntu/linux<5.4.0-189.209
5.4.0-189.209
ubuntu/linux<5.15.0-112.122
5.15.0-112.122
ubuntu/linux<6.8.0-35.35
6.8.0-35.35
ubuntu/linux<3.13.0-198.249
3.13.0-198.249
ubuntu/linux<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux<4.4.0-257.291
4.4.0-257.291
ubuntu/linux-aws<4.15.0-1170.183
4.15.0-1170.183
ubuntu/linux-aws<5.4.0-1128.138
5.4.0-1128.138
ubuntu/linux-aws<5.15.0-1063.69
5.15.0-1063.69
ubuntu/linux-aws<6.8.0-1009.9
6.8.0-1009.9
ubuntu/linux-aws<4.4.0-1134.140
4.4.0-1134.140
ubuntu/linux-aws<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws<4.4.0-1172.187
4.4.0-1172.187
ubuntu/linux-aws-5.15<5.15.0-1063.69~20.04.1
5.15.0-1063.69~20.04.1
ubuntu/linux-aws-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws-fips<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws-hwe<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-aws-hwe<4.15.0-1170.183~16.04.1
4.15.0-1170.183~16.04.1
ubuntu/linux-azure<5.4.0-1133.140
5.4.0-1133.140
ubuntu/linux-azure<5.15.0-1066.75
5.15.0-1066.75
ubuntu/linux-azure<6.8.0-1008.8
6.8.0-1008.8
ubuntu/linux-azure<4.15.0-1179.194~14.04.1
4.15.0-1179.194~14.04.1
ubuntu/linux-azure<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-4.15<4.15.0-1179.194
4.15.0-1179.194
ubuntu/linux-azure-4.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-5.4<5.4.0-1133.140~18.04.1
5.4.0-1133.140~18.04.1
ubuntu/linux-azure-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-fde<5.15.0-1067.76.1
5.15.0-1067.76.1
ubuntu/linux-azure-fde<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-fde-5.15<5.15.0-1065.74~20.04.1.1
5.15.0-1065.74~20.04.1.1
ubuntu/linux-azure-fde-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-azure-fips<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-bluefield<5.4.0-1088.95
5.4.0-1088.95
ubuntu/linux-bluefield<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-fips<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp<5.4.0-1132.141
5.4.0-1132.141
ubuntu/linux-gcp<5.15.0-1062.70
5.15.0-1062.70
ubuntu/linux-gcp<6.8.0-1008.9
6.8.0-1008.9
ubuntu/linux-gcp<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp<4.15.0-1164.181~16.04.1
4.15.0-1164.181~16.04.1
ubuntu/linux-gcp-4.15<4.15.0-1164.181
4.15.0-1164.181
ubuntu/linux-gcp-4.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp-5.15<5.15.0-1062.70~20.04.1
5.15.0-1062.70~20.04.1
ubuntu/linux-gcp-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp-5.4<5.4.0-1132.141~18.04.1
5.4.0-1132.141~18.04.1
ubuntu/linux-gcp-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gcp-fips<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gke<5.15.0-1060.66
5.15.0-1060.66
ubuntu/linux-gke<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gkeop<5.4.0-1095.99
5.4.0-1095.99
ubuntu/linux-gkeop<5.15.0-1046.53
5.15.0-1046.53
ubuntu/linux-gkeop<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-gkeop-5.15<5.15.0-1046.53~20.04.1
5.15.0-1046.53~20.04.1
ubuntu/linux-gkeop-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-hwe<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-hwe<4.15.0-227.239~16.04.1
4.15.0-227.239~16.04.1
ubuntu/linux-hwe-5.15<5.15.0-113.123~20.04.1
5.15.0-113.123~20.04.1
ubuntu/linux-hwe-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-hwe-5.4<5.4.0-189.209~18.04.1
5.4.0-189.209~18.04.1
ubuntu/linux-hwe-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-hwe-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-ibm<5.4.0-1075.80
5.4.0-1075.80
ubuntu/linux-ibm<5.15.0-1056.59
5.15.0-1056.59
ubuntu/linux-ibm<6.8.0-1006.6
6.8.0-1006.6
ubuntu/linux-ibm<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-ibm-5.15<5.15.0-1057.60~20.04.1
5.15.0-1057.60~20.04.1
ubuntu/linux-ibm-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-ibm-5.4<5.4.0-1075.80~18.04.1
5.4.0-1075.80~18.04.1
ubuntu/linux-ibm-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-intel<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-intel-iotg<5.15.0-1058.64
5.15.0-1058.64
ubuntu/linux-intel-iotg<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-intel-iotg-5.15<5.15.0-1058.64~20.04.1
5.15.0-1058.64~20.04.1
ubuntu/linux-intel-iotg-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-iot<5.4.0-1040.41
5.4.0-1040.41
ubuntu/linux-iot<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-kvm<4.15.0-1154.159
4.15.0-1154.159
ubuntu/linux-kvm<5.4.0-1116.123
5.4.0-1116.123
ubuntu/linux-kvm<5.15.0-1060.65
5.15.0-1060.65
ubuntu/linux-kvm<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-kvm<4.4.0-1135.145
4.4.0-1135.145
ubuntu/linux-laptop<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-lowlatency<5.15.0-110.120
5.15.0-110.120
ubuntu/linux-lowlatency<6.8.0-35.35.1
6.8.0-35.35.1
ubuntu/linux-lowlatency<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-lowlatency-hwe-5.15<5.15.0-110.120~20.04.1
5.15.0-110.120~20.04.1
ubuntu/linux-lowlatency-hwe-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-lowlatency-hwe-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-lts-xenial<4.4.0-257.291~14.04.1
4.4.0-257.291~14.04.1
ubuntu/linux-lts-xenial<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-nvidia<5.15.0-1058.59
5.15.0-1058.59
ubuntu/linux-nvidia<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-nvidia-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-nvidia-6.8<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-nvidia-lowlatency<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oem-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oem-6.8<6.8.0-1006.6
6.8.0-1006.6
ubuntu/linux-oem-6.8<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oracle<4.15.0-1133.144
4.15.0-1133.144
ubuntu/linux-oracle<5.4.0-1127.136
5.4.0-1127.136
ubuntu/linux-oracle<5.15.0-1061.67
5.15.0-1061.67
ubuntu/linux-oracle<6.8.0-1006.6
6.8.0-1006.6
ubuntu/linux-oracle<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oracle<4.15.0-1133.144~16.04.1
4.15.0-1133.144~16.04.1
ubuntu/linux-oracle-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oracle-5.4<5.4.0-1127.136~18.04.1
5.4.0-1127.136~18.04.1
ubuntu/linux-oracle-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-oracle-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-raspi<5.4.0-1112.124
5.4.0-1112.124
ubuntu/linux-raspi<5.15.0-1058.61
5.15.0-1058.61
ubuntu/linux-raspi<6.8.0-1005.5
6.8.0-1005.5
ubuntu/linux-raspi<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-raspi-5.4<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-riscv<6.8.0-35.35.1
6.8.0-35.35.1
ubuntu/linux-riscv<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-riscv-5.15<5.15.0-1059.63~20.04.1
5.15.0-1059.63~20.04.1
ubuntu/linux-riscv-5.15<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-riscv-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-starfive<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-starfive-6.5<6.9~<6.8.2
6.9~
6.8.2
ubuntu/linux-xilinx-zynqmp<5.4.0-1047.51
5.4.0-1047.51
ubuntu/linux-xilinx-zynqmp<5.15.0-1030.34
5.15.0-1030.34
ubuntu/linux-xilinx-zynqmp<6.9~<6.8.2
6.9~
6.8.2

Remedy

https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a

Remedy

https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a

Remedy

https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80

Remedy

https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3

Remedy

https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0

Remedy

https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1

Remedy

https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b

Remedy

https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5

Remedy

https://git.kernel.org/linus/c54419321455631079c7d6e60bc732dd0c5914c5

Remedy

https://git.kernel.org/linus/b0ec2abf98267f14d032102551581c833b0659d3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203