admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-476xx/CVE-2024-47685.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

167 lines
13 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-47685",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.397",
"lastModified": "2024-11-08T16:15:25.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th->res1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_reject_ipv6: correcci\u00f3n de nf_reject_ip6_tcphdr_put() syzbot inform\u00f3 que nf_reject_ip6_tcphdr_put() posiblemente estaba enviando basura en los cuatro bits tcp reservados (th->res1) Utilice skb_put_zero() para borrar todo el encabezado TCP, como se hace en nf_reject_ip_tcphdr_put() ERROR: KMSAN: valor no inicializado en nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 evaluaci\u00f3n_operaciones_llamada_expr net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook incluye/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:312 [en l\u00ednea] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\u00ednea] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775 process_backlog+0x4ad/0xa50 net/core/dev.c:6108 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\u00ednea] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 __do_softirq+0x14/0x1a kernel/softirq.c:588 do_softirq+0x9a/0x100 kernel/softirq.c:455 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [en l\u00ednea] rcu_read_unlock_bh incluir/linux/rcupdate.h:908 [en l\u00ednea] __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450 dev_queue_xmit incluir/linux/netdevice.h:3105 [en l\u00ednea] neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565 neigh_output incluir/net/neighbour.h:542 [en l\u00ednea] ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [en l\u00ednea] ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226 NF_HOOK_COND incluye/linux/netfilter.h:303 [en l\u00ednea] ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247 dst_output incluye/net/dst.h:450 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:314 [en l\u00ednea] ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366 inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [en l\u00ednea] tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143 tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333 __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679 inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750 __sys_connect_file net/socket.c:2061 [en l\u00ednea] __sys_connect+0x606/0x690 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [en l\u00ednea] __se_sys_connect net/socket.c:2085 [en l\u00ednea] __x64_sys_connect+0x91/0xe0 net/socket.c:2085 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit se almacen\u00f3 en la memoria en: nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 evaluaci\u00f3n_operaciones_llamada_expr net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook incluye/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:312 [en l\u00ednea] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core ---truncado---"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "5C882E98-F19D-47B6-A807-73BB9ABA763C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.54",
"matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.13",
"matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.2",
"matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/10210658f827ad45061581cbfc05924b723e8922",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7a7b5a27c53b55e91eecf646d1b204e73fa4af93",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7bcbc4cda777d26c88500d973fad0d497fc8a82e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/872eca64c3267dbc5836b715716fc6c03a18eda7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af4b8a704f26f38310655bad67fd8096293275a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink