Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-56372— net: tun: fix tun_napi_alloc_frags()

EPSS 0.02% · P4
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-56372

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: tun: fix tun_napi_alloc_frags()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. [1] kernel BUG at net/core/skbuff.c:2849 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848 Code: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90004cbef30 EFLAGS: 00010293 RAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00 RDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000 RBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c R10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50 R13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80 FS: 00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284 tipc_aead_decrypt net/tipc/crypto.c:894 [inline] tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844 tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109 tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline] __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762 __netif_receive_skb_list net/core/dev.c:5814 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x2b5/0x870 net/core/dev.c:6256 napi_complete include/linux/netdevice.h:567 [inline] tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057 do_iter_readv_writev+0x600/0x880 vfs_writev+0x376/0xba0 fs/read_write.c:1050 do_writev+0x1b6/0x360 fs/read_write.c:1096 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于net: tun模块的tun_napi_alloc_frags函数可能导致内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux de4f5fed3f231a8ff4790bf52975f847b95b85ea ~ efe74dd58a72bd987b158142c904b7ef2ad132e2 -
LinuxLinux 6.4 -

II. Public POCs for CVE-2024-56372

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-56372

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-01-11 · 67 CVEs total

CVE-2024-57793virt: tdx-guest: Just leak decrypted memory on unrecoverable errors
CVE-2024-57878arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
CVE-2024-57877arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
CVE-2024-57876drm/dp_mst: Fix resetting msg rx state after topology removal
CVE-2024-57806btrfs: fix transaction atomicity bug when enabling simple quotas
CVE-2024-57805ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
CVE-2024-57804scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
CVE-2024-57800ALSA: memalloc: prefer dma_mapping_error() over explicit address checking
CVE-2024-57799phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM
CVE-2024-57798drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
CVE-2024-57807scsi: megaraid_sas: Fix for a potential deadlock
CVE-2024-57792power: supply: gpio-charger: Fix set charge current limits
CVE-2024-57791net/smc: check return value of sock_recvmsg when draining clc data
CVE-2024-56788net: ethernet: oa_tc6: fix tx skb race condition between reference pointers
CVE-2024-56369drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
CVE-2024-56368ring-buffer: Fix overflow in __rb_map_vma
CVE-2024-55916Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
CVE-2024-55881KVM: x86: Play nice with protected guests in complete_hypercall_exit()
CVE-2024-54193accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()
CVE-2024-54455accel/ivpu: Fix general protection fault in ivpu_bo_list()

Showing top 20 of 67 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-56372

No comments yet

Leave a comment