Linux Kernel up to 6.6.23/6.7.11/6.8.2 netdev get_device_state denial of service

Summaryinfo

A vulnerability was found in Linux Kernel up to 6.6.23/6.7.11/6.8.2 and classified as critical. This impacts the function get_device_state of the component netdev. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2024-27063. No exploit is available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.6.23/6.7.11/6.8.2. It has been rated as critical. Affected by this issue is the function get_device_state of the component netdev. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, reworked the way to set the LINKUP mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function. This changed the logic where, in the previous implementation the dev from the trigger event was used to check if the carrier was ok, but in the new implementation with the generic function, the dev in trigger_data is used instead. This is problematic and cause a possible kernel panic due to the fact that the dev in the trigger_data still reference the old one as the new one (passed from the trigger event) still has to be hold and saved in the trigger_data struct (done in the NETDEV_REGISTER case). On calling of get_device_state(), an invalid net_dev is used and this cause a kernel panic. To handle this correctly, move the call to get_device_state() after the new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER case) and correctly parse the new dev.

The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2024-27063 since 02/19/2024. There are known technical details, but no exploit is available.

Upgrading to version 6.6.24, 6.7.12, 6.8.3 or 6.9-rc1 eliminates this vulnerability. Applying the patch 10f2af1af8ab/acd025c7a7d1/3f360227cb46/415798bc07dd is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2024-1008). Once again VulDB remains the best source for vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• Oracle VM
• EMC Avamar
• IBM QRadar SIEM
• Dell NetWorker
• IBM Security Guardium
• RESF Rocky Linux
• Broadcom Brocade SANnav
• Open Source Linux Kernel
• IBM Business Automation Workflow
• IBM Spectrum Protect Plus
• Dell Avamar
• Juniper Junos Space
• IBM DataPower Gateway
• IBM Storage Scale System
• SolarWinds Security Event Manager
• Dell PowerProtect Data Domain
• Dell PowerScale OneFS

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.6.0
• 6.6.1
• 6.6.2
• 6.6.3
• 6.6.4
• 6.6.5
• 6.6.6
• 6.6.7
• 6.6.8
• 6.6.9
• 6.6.10
• 6.6.11
• 6.6.12
• 6.6.13
• 6.6.14
• 6.6.15
• 6.6.16
• 6.6.17
• 6.6.18
• 6.6.19
• 6.6.20
• 6.6.21
• 6.6.22
• 6.6.23
• 6.7.0
• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.4
• 6.7.5
• 6.7.6
• 6.7.7
• 6.7.8
• 6.7.9
• 6.7.10
• 6.7.11
• 6.8.0
• 6.8.1
• 6.8.2

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion