{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-57948", "ASSIGNER": "cve@kernel.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(&sdata->list)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local->interfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 <0f> 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Linux", "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "<", "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "version_value": "0d11dc30edfc4acef0acef130bb5ca596317190a" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "version": "5.4.290", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.234", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.177", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.127", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.74", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12.11", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a" }, { "url": "https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929" }, { "url": "https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1" }, { "url": "https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272" }, { "url": "https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183" }, { "url": "https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e" }, { "url": "https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a" } ] }, "generator": { "engine": "bippy-5f407fcff5a0" } }