| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext\n\nAccess to genmask field in struct nft_set_ext results in unaligned\natomic read:\n\n[ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c\n[ 72.131036] Mem abort info:\n[ 72.131213] ESR = 0x0000000096000021\n[ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 72.132209] SET = 0, FnV = 0\n[ 72.133216] EA = 0, S1PTW = 0\n[ 72.134080] FSC = 0x21: alignment fault\n[ 72.135593] Data abort info:\n[ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n[ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000\n[ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403,\n+pte=0068000102bb7707\n[ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP\n[...]\n[ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2\n[ 72.170509] Tainted: [E]=UNSIGNED_MODULE\n[ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023\n[ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]\n[ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables]\n[ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables]\n[ 72.172546] sp : ffff800081f2bce0\n[ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038\n[ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78\n[ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78\n[ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000\n[ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978\n[ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0\n[ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000\n[ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000\n[ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000\n[ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004\n[ 72.176207] Call trace:\n[ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P)\n[ 72.176653] process_one_work+0x178/0x3d0\n[ 72.176831] worker_thread+0x200/0x3f0\n[ 72.176995] kthread+0xe8/0xf8\n[ 72.177130] ret_from_fork+0x10/0x20\n[ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f)\n[ 72.177557] ---[ end trace 0000000000000000 ]---\n\nAlign struct nft_set_ext to word size to address this and\ndocumentation it.\n\npahole reports that this increases the size of elements for rhash and\npipapo in 8 bytes on x86_64." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "include/net/netfilter/nf_tables.h" |
| ], |
| "versions": [ |
| { |
| "version": "98d62cf0e26305dd6a1932a4054004290f4194bb", |
| "lessThan": "352f8eaaabd008f09d1e176194edc261a7304084", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e21855091f11df80d41239dbc5f8545b772c657d", |
| "lessThan": "6a14b46052eeb83175a95baf399283860b9d94c4", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "59a59da8de47848575eedc141a74aae57696706d", |
| "lessThan": "277f00b0c2dca8794cf4837722960bdc4174911f", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "23a6919bb3ecf6787f060476ee6810ad55ebf9c8", |
| "lessThan": "607774a13764676d4b8be9c8b9c66b8cf3469043", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "86c27603514cb8ead29857365cdd145404ee9706", |
| "lessThan": "4f49349c1963e507aa37c1ec05178faeb0103959", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "be4d0ac67d92e6a285cd3eeb672188d249c121b2", |
| "lessThan": "d24cbc43cc7b41a0824b0bc6ec4d8436d8d7a9c0", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "7ffc7481153bbabf3332c6a19b289730c7e1edf5", |
| "lessThan": "542ed8145e6f9392e3d0a86a0e9027d2ffd183e4", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "include/net/netfilter/nf_tables.h" |
| ], |
| "versions": [ |
| { |
| "version": "5.4.287", |
| "lessThan": "5.4.289", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.231", |
| "lessThan": "5.10.233", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.174", |
| "lessThan": "5.15.176", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.120", |
| "lessThan": "6.1.124", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.66", |
| "lessThan": "6.6.70", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.5", |
| "lessThan": "6.12.9", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4.287", |
| "versionEndExcluding": "5.4.289" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10.231", |
| "versionEndExcluding": "5.10.233" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.15.174", |
| "versionEndExcluding": "5.15.176" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.1.120", |
| "versionEndExcluding": "6.1.124" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.6.66", |
| "versionEndExcluding": "6.6.70" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.12.5", |
| "versionEndExcluding": "6.12.9" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/352f8eaaabd008f09d1e176194edc261a7304084" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6a14b46052eeb83175a95baf399283860b9d94c4" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/277f00b0c2dca8794cf4837722960bdc4174911f" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/607774a13764676d4b8be9c8b9c66b8cf3469043" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4f49349c1963e507aa37c1ec05178faeb0103959" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d24cbc43cc7b41a0824b0bc6ec4d8436d8d7a9c0" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/542ed8145e6f9392e3d0a86a0e9027d2ffd183e4" |
| } |
| ], |
| "title": "netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-54031", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
