mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
20 lines
2.0 KiB
Markdown
20 lines
2.0 KiB
Markdown
### [CVE-2024-45001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45001)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Description
|
|
|
|
In the Linux kernel, the following vulnerability has been resolved:net: mana: Fix RX buf alloc_size alignment and atomic op panicThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() tocreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignmentis affected by the alloc_size passed into napi_build_skb(). The size needsto be aligned properly for better performance and atomic operations.Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomicoperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.To fix this bug, add proper alignment to the alloc_size calculation.Sample panic info:[ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce[ 253.300900] Mem abort info:[ 253.301760] ESR = 0x0000000096000021[ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits[ 253.304268] SET = 0, FnV = 0[ 253.305172] EA = 0, S1PTW = 0[ 253.306103] FSC = 0x21: alignment faultCall trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0
|
|
|
|
### POC
|
|
|
|
#### Reference
|
|
No PoCs from references.
|
|
|
|
#### Github
|
|
- https://github.com/w4zu/Debian_security
|
|
|