| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| net/smc: check return value of sock_recvmsg when draining clc data |
| |
| When receiving clc msg, the field length in smc_clc_msg_hdr indicates the |
| length of msg should be received from network and the value should not be |
| fully trusted as it is from the network. Once the value of length exceeds |
| the value of buflen in function smc_clc_wait_msg it may run into deadloop |
| when trying to drain the remaining data exceeding buflen. |
| |
| This patch checks the return value of sock_recvmsg when draining data in |
| case of deadloop in draining. |
| |
| The Linux kernel CVE team has assigned CVE-2024-57791 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 5.10.233 with commit 82c7ad9ca09975aae737abffd66d1ad98874c13d |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 5.15.176 with commit 6b80924af6216277892d5f091f5bfc7d1265fa28 |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 6.1.122 with commit d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6 |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 6.6.68 with commit 7a6927814b4256d603e202ae7c5e38db3b338896 |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 6.12.7 with commit df3dfe1a93c6298d8c09a18e4fba19ef5b17763b |
| Issue introduced in 5.8 with commit fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 and fixed in 6.13 with commit c5b8ee5022a19464783058dc6042e8eefa34e8cd |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-57791 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| net/smc/smc_clc.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd66d1ad98874c13d |
| https://git.kernel.org/stable/c/6b80924af6216277892d5f091f5bfc7d1265fa28 |
| https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6 |
| https://git.kernel.org/stable/c/7a6927814b4256d603e202ae7c5e38db3b338896 |
| https://git.kernel.org/stable/c/df3dfe1a93c6298d8c09a18e4fba19ef5b17763b |
| https://git.kernel.org/stable/c/c5b8ee5022a19464783058dc6042e8eefa34e8cd |
