CVE-2024-26803 - net: veth: clear GRO when clearing XDP even when down

EPSS 0.02% · P4

Affected Version Matrix (12 rows)

Vendor | Product | Version Range | Status
Linux | Linux | from d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c, before f011c103e654d83dc85f057a7d1bd0960d02831c | affected
Linux | Linux | from d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c, before 7985d73961bbb4e726c1be7b9cd26becc7be8325 | affected
Linux | Linux | from d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c, before 16edf51f33f52dff70ed455bc40a6cc443c04664 | affected
Linux | Linux | from d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c, before 8f7a3894e58e6f5d5815533cfde60e3838947941 | affected
Linux | Linux | from d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c, before fe9f801355f0b47668419f30f1fac1cf4539e736 | affected
Linux | Linux | 5.13 | affected
Linux | Linux | < 5.13 | unaffected
Linux | Linux | 5.15.151 through 5.15.* | unaffected
… +4 more rows

I. Basic Information for CVE-2024-26803

Vulnerability Information

Vulnerability Title
net: veth: clear GRO when clearing XDP even when down
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down

veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery.

The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is called both on ndo_stop and when XDP is turned off. To avoid the flag from being cleared when the device is brought down, the clearing is skipped when IFF_UP is not set. Bringing the device down should indeed not modify its features.

Unfortunately, this means that clearing is also skipped when XDP is disabled _while_ the device is down. And there's nothing on the open path to bring the device features back into sync. IOW if user enables XDP, disables it and then brings the device up we'll end up with a stray GRO flag set but no NAPI instances.

We don't depend on the GRO flag on the datapath, so the datapath won't crash. We will crash (or hang), however, next time features are sync'ed (either by user via ethtool or peer changing its config). The GRO flag will go away, and veth will try to disable the NAPIs. But the open path never created them since XDP was off, the GRO flag was a stray. If NAPI was initialized before we'll hang in napi_disable(). If it never was we'll crash trying to stop uninitialized hrtimer.

Move the GRO flag updates to the XDP enable / disable paths, instead of mixing them with the ndo_open / ndo_close paths.
Source: NVD (National Vulnerability Database)
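The failure sequence in the description above, as an added userspace model in C. This is not kernel code and is not taken from the page or from the patch: the struct fields, the helper names (model_open, model_stop, model_xdp_set, model_set_features, napi_del) and the "warm"/"cold" variants are assumptions introduced to mirror the IFF_UP, XDP, NETIF_F_GRO and NAPI state the message names. The `fixed` flag switches the GRO clear between the old IFF_UP-guarded disable path and the XDP-detach path the fix moves it to.

```c
/* Added userspace model of the veth GRO/NAPI bookkeeping described above; not
 * kernel code.  Fields and helpers are simplified stand-ins for dev->flags,
 * dev->features, dev->wanted_features and the per-queue NAPI instances. */
#include <stdbool.h>
#include <stddef.h>

enum napi_state { NAPI_NEVER, NAPI_ACTIVE, NAPI_TORN_DOWN };

struct veth_model {
	bool up;            /* IFF_UP */
	bool xdp;           /* an XDP program is attached */
	bool gro_flag;      /* NETIF_F_GRO set in dev->features */
	bool gro_requested; /* GRO asked for by the user (wanted_features) */
	enum napi_state napi;
	bool fixed;         /* clear GRO on the XDP-detach path, as the fix does */
	const char *fault;  /* first hang/crash the model hits, or NULL */
};

/* veth_napi_del() stand-in: both failure flavours from the commit message. */
static void napi_del(struct veth_model *m)
{
	if (m->napi == NAPI_NEVER)
		m->fault = "crash: stopping hrtimer of never-initialised NAPI";
	else if (m->napi == NAPI_TORN_DOWN)
		m->fault = "hang: napi_disable() on NAPI already torn down";
	else
		m->napi = NAPI_TORN_DOWN;
}

/* ndo_open: NAPI only for attached XDP or user-requested GRO; a stray bit creates nothing. */
static void model_open(struct veth_model *m)
{
	m->up = true;
	if (m->xdp || m->gro_requested)
		m->napi = NAPI_ACTIVE;
}

/* ndo_stop: tear NAPI down, never touch dev->features. */
static void model_stop(struct veth_model *m)
{
	if (m->napi == NAPI_ACTIVE)
		napi_del(m);
	m->up = false;
}

/* veth_xdp_set() stand-in: attaching implies GRO, detaching should undo it. */
static void model_xdp_set(struct veth_model *m, bool attach)
{
	if (attach && !m->xdp) {
		m->xdp = true;
		if (!m->gro_requested)
			m->gro_flag = true;
		if (m->up)
			m->napi = NAPI_ACTIVE;
	} else if (!attach && m->xdp) {
		m->xdp = false;
		if (m->up && !m->gro_requested)     /* old veth_disable_xdp() */
			napi_del(m);
		/* buggy placement clears GRO only when IFF_UP; the fix clears it always */
		if (!m->gro_requested && (m->up || m->fixed))
			m->gro_flag = false;
	}
}

/* veth_set_features() stand-in (ethtool -K or peer change): up, no XDP only. */
static void model_set_features(struct veth_model *m, bool gro_wanted)
{
	if (gro_wanted != m->gro_flag && m->up && !m->xdp) {
		if (gro_wanted)
			m->napi = NAPI_ACTIVE;
		else
			napi_del(m);    /* faults when the GRO bit was a stray */
	}
	m->gro_requested = gro_wanted;
	m->gro_flag = gro_wanted;
}

/* Reported sequence: XDP attached and detached while down, then brought up.
 * 'warm' wraps the attach in an up/down cycle so NAPI was initialised once. */
static struct veth_model detach_while_down(bool fixed, bool warm)
{
	struct veth_model m = { .fixed = fixed };
	if (warm)
		model_open(&m);
	model_xdp_set(&m, true);
	if (warm)
		model_stop(&m);
	model_xdp_set(&m, false);
	model_open(&m);
	return m;
}

/* What the next feature sync does to the device left by the sequence above. */
static const char *fault_on_feature_sync(bool fixed, bool warm)
{
	struct veth_model m = detach_while_down(fixed, warm);
	model_set_features(&m, false);      /* e.g. ethtool -K veth0 gro off */
	return m.fault;
}
```

With `fixed` false, both variants of detach_while_down leave NETIF_F_GRO set with no active NAPI, and the following feature sync reports the crash (NAPI never initialised) or the hang (NAPI initialised once and torn down); with `fixed` true the flag is cleared at detach time and the sync is a no-op. model_stop never touches gro_flag in either variant, which is the "bringing the device down should not modify its features" property the IFF_UP check was protecting. The model deliberately omits other feature interactions in the driver that play no part in this sequence.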
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
The Linux kernel is the kernel used by Linux, the open-source operating system of the US-based Linux Foundation. A security vulnerability exists in the Linux kernel; it stems from a security issue in net veth.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Linux | Linux | d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c ~ f011c103e654d83dc85f057a7d1bd0960d02831c | -
Linux | Linux | 5.13 | -

II. Public POCs for CVE-2024-26803

No public POC found.


III. Intelligence Information for CVE-2024-26803


Other References for CVE-2024-26803 (5)

Same Patch Batch · Linux · 2024-04-04 · 32 CVEs total

CVE-2024-26792 - btrfs: fix double free of anonymous device after snapshot creation failure
CVE-2024-26809 - netfilter: nft_set_pipapo: release elements in clone only from destroy path
CVE-2024-26808 - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
CVE-2024-26807 - spi: cadence-qspi: fix pointer reference in runtime PM hooks
CVE-2024-26806 - spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
CVE-2024-26805 - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
CVE-2024-26804 - net: ip_tunnel: prevent perpetual headroom growth
CVE-2024-26802 - stmmac: Clear variable when destroying workqueue
CVE-2024-26800 - tls: fix use-after-free on failed backlog decryption
CVE-2024-26801 - Bluetooth: Avoid potential use-after-free in hci_error_reset
CVE-2024-26799 - ASoC: qcom: Fix uninitialized pointer dmactl
CVE-2024-26798 - fbcon: always restore the old font data in fbcon_do_set_font()
CVE-2024-26797 - drm/amd/display: Prevent potential buffer overflow in map_hw_resources
CVE-2024-26796 - drivers: perf: ctr_get_width function for legacy is not defined
CVE-2024-26795 - riscv: Sparse-Memory/vmemmap out-of-bounds fix
CVE-2024-26793 - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
CVE-2024-26745 - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
CVE-2024-26791 - btrfs: dev-replace: properly validate device names
CVE-2024-26790 - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
CVE-2024-26789 - crypto: arm64/neonbs - fix out-of-bounds access on short input

Showing top 20 of 32 CVEs.

IV. Related Vulnerabilities

V. Comments for CVE-2024-26803

No comments yet

