In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: replace physindev with physinif in nfbridgeinfo
An skb can be added to a neigh->arpqueue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arpqueue of the bridge.
As skb->dev can be reset back to nfbridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neighflush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack:
arpprocess neighupdate skb = _skbdequeue(&neigh->arpqueue) neighresolveoutput(..., skb) ... brnfdevxmit brnfpreroutingfinishbridgeslow skb->dev = nfbridge->physindev brhandleframefinish
Let's use plain ifindex instead of netdevice link. To peek into the original netdevice we will use devgetbyindexrcu(). Thus either we get device and are safe to use it or we don't get it and drop skb.
[ { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "nf_send_reset6", "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "function_hash": "266192828965210875145660496705059278344", "length": 2212.0 }, "id": "CVE-2024-35839-0da5ec86" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "br_nf_forward_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "216962085930190387015833570126745156241", "length": 739.0 }, "id": "CVE-2024-35839-0dabcf43" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "nf_bridge_get_physindev", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "20275677762807431239110372004105565546", "length": 154.0 }, "id": "CVE-2024-35839-1b22599b" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_ipv6", "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "function_hash": "88766956349738941988504517332361866163", "length": 1221.0 }, "id": "CVE-2024-35839-1ce7dcb9" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "include/linux/netfilter_bridge.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "50744503791700505994285826142598575465", "113452547670750413697205370534021172845", "106980907698226082941821415147177890549", "8036374603626620148168899409961340935", "271628878267742137968270748602584672927", "182484470019225300845955695833657563360", "301436446979040289967112657008714518231", "332855404439221093582877622390608744640" ] }, "id": "CVE-2024-35839-20b612ef" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "164236889386493135004909981772942181669", "238392293103927082062703302961010458424", "262029044440458940521891008623020116299", "218995843630762209254344083516846984128", "167098329209095589881905191672279383835", "285372920294077489246502170094421078910", "100568494409320914081853082879205410082", "238604409746292497028362051354565511475", "199074294435277481742223086533692210822", "224830043773559254567003285460092223693", "216133820834604142887454060470845267099", "286837886603369973965625829843529248466", "297668957448821167498859001941216520589", "327575739039572945983978750734988099256", "238244287957002813307641314027903901757", "229117521983090237455294223836218077737", "298924985132842128280215264486159110788", "153621493627712195101625507967643221760", "124715472904907401765209684040975003652", "325356046922071372251281488984776364373", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "239804224792265364323881836661164400437", "144589330764165375495296742284888817241", "321011508547068039476120451137603455318", "132919250299528248086950567055349617789", "80980657528894652545058088628606830029", "163093986707125560386185776705842594533", "216602253611422985992004922362067803040", "237043056472073540525355196521220613466", "22231720972001371122651515007384209246", "96166244288997959350243549031242774925", "154256786853619370369700246283487676459", "235645187565951753452268110920171255849", "187863708607398173353061170726481671225", "23579154258825840755537016596066781655", "331076149812692661128411240085014054604", "300864154038850202542647671558176753601", "107013472798894325175436361303704209111" ] }, "id": "CVE-2024-35839-24026db7" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "19724072212054889061933215055999655353", "length": 1610.0 }, "id": "CVE-2024-35839-300ed012" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "270396559027314378150928138433105423613", "198456385282203330315191287127953132327", "254984346575964011863138164783569479789", "196157807942632813078664574562243887860", "170814644580054889158145347871132379358", "302815249259370182503248847797401118418", "166683743709364241254533532758137970717", "99497047490859908441678220149503513265", "153621493627712195101625507967643221760", "331874479137209886695278715487436711915", "128700763926107239397770135800026222447", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "25686093730403734231063058588753418744" ] }, "id": "CVE-2024-35839-3f5488f2" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "nf_send_reset6", "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "function_hash": "311062772929538841492204318335213067912", "length": 2246.0 }, "id": "CVE-2024-35839-518e1477" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_ipv6", "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "function_hash": "88766956349738941988504517332361866163", "length": 1221.0 }, "id": "CVE-2024-35839-51d35b91" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "include/linux/netfilter_bridge.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "50744503791700505994285826142598575465", "113452547670750413697205370534021172845", "106980907698226082941821415147177890549", "8036374603626620148168899409961340935", "271628878267742137968270748602584672927", "182484470019225300845955695833657563360", "301436446979040289967112657008714518231", "332855404439221093582877622390608744640" ] }, "id": "CVE-2024-35839-522be2a0" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "nf_bridge_get_physinif", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "333828579425828437825923171927023883794", "length": 181.0 }, "id": "CVE-2024-35839-52698542" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "269788786218825615626061995617542823573", "28253426805480878635572608865775125440", "329095109404806214814975144184289565932", "52105356645842947732972678298683756326", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "307317123820147170843322999855618745677", "203689014416024010884177630991455456797" ] }, "id": "CVE-2024-35839-57953bd7" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "nf_bridge_get_physindev", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "20275677762807431239110372004105565546", "length": 154.0 }, "id": "CVE-2024-35839-59616273" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "164236889386493135004909981772942181669", "238392293103927082062703302961010458424", "262029044440458940521891008623020116299", "218995843630762209254344083516846984128", "167098329209095589881905191672279383835", "285372920294077489246502170094421078910", "100568494409320914081853082879205410082", "238604409746292497028362051354565511475", "199074294435277481742223086533692210822", "224830043773559254567003285460092223693", "216133820834604142887454060470845267099", "286837886603369973965625829843529248466", "297668957448821167498859001941216520589", "327575739039572945983978750734988099256", "238244287957002813307641314027903901757", "229117521983090237455294223836218077737", "298924985132842128280215264486159110788", "153621493627712195101625507967643221760", "124715472904907401765209684040975003652", "325356046922071372251281488984776364373", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "239804224792265364323881836661164400437", "144589330764165375495296742284888817241", "321011508547068039476120451137603455318", "132919250299528248086950567055349617789", "80980657528894652545058088628606830029", "163093986707125560386185776705842594533", "216602253611422985992004922362067803040", "237043056472073540525355196521220613466", "22231720972001371122651515007384209246", "96166244288997959350243549031242774925", "154256786853619370369700246283487676459", "235645187565951753452268110920171255849", "187863708607398173353061170726481671225", "23579154258825840755537016596066781655", "331076149812692661128411240085014054604", "300864154038850202542647671558176753601", "107013472798894325175436361303704209111" ] }, "id": "CVE-2024-35839-63ecc85b" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "nf_send_reset", "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "function_hash": "222586568280494704286762620904063139339", "length": 1425.0 }, "id": "CVE-2024-35839-6de13fc4" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "setup_pre_routing", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "266339150692360603505567040482121702681", "length": 562.0 }, "id": "CVE-2024-35839-6f07f92c" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "19724072212054889061933215055999655353", "length": 1610.0 }, "id": "CVE-2024-35839-7167f9a2" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "53936117603397591971027641675880562281", "length": 761.0 }, "id": "CVE-2024-35839-7176b2dd" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "53936117603397591971027641675880562281", "length": 761.0 }, "id": "CVE-2024-35839-71932eb8" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "164236889386493135004909981772942181669", "238392293103927082062703302961010458424", "262029044440458940521891008623020116299", "218995843630762209254344083516846984128", "167098329209095589881905191672279383835", "285372920294077489246502170094421078910", "100568494409320914081853082879205410082", "238604409746292497028362051354565511475", "199074294435277481742223086533692210822", "224830043773559254567003285460092223693", "216133820834604142887454060470845267099", "286837886603369973965625829843529248466", "297668957448821167498859001941216520589", "327575739039572945983978750734988099256", "238244287957002813307641314027903901757", "229117521983090237455294223836218077737", "298924985132842128280215264486159110788", "153621493627712195101625507967643221760", "124715472904907401765209684040975003652", "325356046922071372251281488984776364373", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "239804224792265364323881836661164400437", "144589330764165375495296742284888817241", "321011508547068039476120451137603455318", "132919250299528248086950567055349617789", "80980657528894652545058088628606830029", "163093986707125560386185776705842594533", "216602253611422985992004922362067803040", "237043056472073540525355196521220613466", "22231720972001371122651515007384209246", "96166244288997959350243549031242774925", "154256786853619370369700246283487676459", "235645187565951753452268110920171255849", "187863708607398173353061170726481671225", "23579154258825840755537016596066781655", "331076149812692661128411240085014054604", "300864154038850202542647671558176753601", "107013472798894325175436361303704209111" ] }, "id": "CVE-2024-35839-74296156" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "155881521568639639840833298557846870108", "28253426805480878635572608865775125440", "149953868464522567511538703903120466861", "52281113772741856721332900738986764900", "6909237759465475354838075669593182429", "124737115473024593746495564819966155499", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "63774701430786127226119499399848562330", "181957952871714486051731377791453937068" ] }, "id": "CVE-2024-35839-74826f7a" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "269788786218825615626061995617542823573", "28253426805480878635572608865775125440", "329095109404806214814975144184289565932", "52105356645842947732972678298683756326", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "307317123820147170843322999855618745677", "203689014416024010884177630991455456797" ] }, "id": "CVE-2024-35839-76a987df" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "nf_bridge_get_physinif", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "333828579425828437825923171927023883794", "length": 181.0 }, "id": "CVE-2024-35839-7758a440" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "include/linux/skbuff.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "8606634604111134936017123718248133801", "254849966707661873576948198042865731", "28549596192832905682853432087833047719", "207210768741913844094605106809967214666" ] }, "id": "CVE-2024-35839-784d9f72" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "164236889386493135004909981772942181669", "238392293103927082062703302961010458424", "262029044440458940521891008623020116299", "218995843630762209254344083516846984128", "167098329209095589881905191672279383835", "285372920294077489246502170094421078910", "100568494409320914081853082879205410082", "238604409746292497028362051354565511475", "199074294435277481742223086533692210822", "224830043773559254567003285460092223693", "216133820834604142887454060470845267099", "286837886603369973965625829843529248466", "297668957448821167498859001941216520589", "327575739039572945983978750734988099256", "238244287957002813307641314027903901757", "229117521983090237455294223836218077737", "298924985132842128280215264486159110788", "153621493627712195101625507967643221760", "124715472904907401765209684040975003652", "325356046922071372251281488984776364373", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "239804224792265364323881836661164400437", "144589330764165375495296742284888817241", "321011508547068039476120451137603455318", "132919250299528248086950567055349617789", "80980657528894652545058088628606830029", "163093986707125560386185776705842594533", "216602253611422985992004922362067803040", "237043056472073540525355196521220613466", "22231720972001371122651515007384209246", "96166244288997959350243549031242774925", "154256786853619370369700246283487676459", "235645187565951753452268110920171255849", "187863708607398173353061170726481671225", "23579154258825840755537016596066781655", "331076149812692661128411240085014054604", "300864154038850202542647671558176753601", "107013472798894325175436361303704209111" ] }, "id": "CVE-2024-35839-789a24e8" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "nf_send_reset", "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "function_hash": "252208339663636809247800899183619030202", "length": 1459.0 }, "id": "CVE-2024-35839-7eefdc3d" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "br_nf_forward_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "216962085930190387015833570126745156241", "length": 739.0 }, "id": "CVE-2024-35839-83060d9a" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "br_nf_forward_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "216962085930190387015833570126745156241", "length": 739.0 }, "id": "CVE-2024-35839-85a4e592" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "270396559027314378150928138433105423613", "198456385282203330315191287127953132327", "254984346575964011863138164783569479789", "196157807942632813078664574562243887860", "170814644580054889158145347871132379358", "302815249259370182503248847797401118418", "166683743709364241254533532758137970717", "99497047490859908441678220149503513265", "153621493627712195101625507967643221760", "331874479137209886695278715487436711915", "128700763926107239397770135800026222447", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "25686093730403734231063058588753418744" ] }, "id": "CVE-2024-35839-86d77c5a" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "155881521568639639840833298557846870108", "28253426805480878635572608865775125440", "149953868464522567511538703903120466861", "52281113772741856721332900738986764900", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "63774701430786127226119499399848562330", "181957952871714486051731377791453937068" ] }, "id": "CVE-2024-35839-871b4590" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "include/linux/netfilter_bridge.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "50744503791700505994285826142598575465", "113452547670750413697205370534021172845", "106980907698226082941821415147177890549", "8036374603626620148168899409961340935", "271628878267742137968270748602584672927", "182484470019225300845955695833657563360", "301436446979040289967112657008714518231", "332855404439221093582877622390608744640" ] }, "id": "CVE-2024-35839-8c2450db" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "setup_pre_routing", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "266339150692360603505567040482121702681", "length": 562.0 }, "id": "CVE-2024-35839-8cfd49cf" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "nf_bridge_get_physindev", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "20275677762807431239110372004105565546", "length": 154.0 }, "id": "CVE-2024-35839-8e07ba55" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "nf_send_reset6", "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "function_hash": "311062772929538841492204318335213067912", "length": 2246.0 }, "id": "CVE-2024-35839-8fa54f44" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "nf_bridge_get_physinif", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "333828579425828437825923171927023883794", "length": 181.0 }, "id": "CVE-2024-35839-90e270a7" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "include/linux/skbuff.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "8606634604111134936017123718248133801", "254849966707661873576948198042865731", "28549596192832905682853432087833047719", "207210768741913844094605106809967214666" ] }, "id": "CVE-2024-35839-93cd564b" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "270396559027314378150928138433105423613", "198456385282203330315191287127953132327", "254984346575964011863138164783569479789", "196157807942632813078664574562243887860", "170814644580054889158145347871132379358", "302815249259370182503248847797401118418", "166683743709364241254533532758137970717", "99497047490859908441678220149503513265", "153621493627712195101625507967643221760", "331874479137209886695278715487436711915", "128700763926107239397770135800026222447", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "25686093730403734231063058588753418744" ] }, "id": "CVE-2024-35839-9434b32f" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "include/linux/skbuff.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "8606634604111134936017123718248133801", "254849966707661873576948198042865731", "28549596192832905682853432087833047719", "207210768741913844094605106809967214666" ] }, "id": "CVE-2024-35839-9c8cb87f" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge_slow", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "210565843931513795526589986815827186033", "length": 419.0 }, "id": "CVE-2024-35839-9e07a14f" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "269788786218825615626061995617542823573", "28253426805480878635572608865775125440", "329095109404806214814975144184289565932", "52105356645842947732972678298683756326", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "307317123820147170843322999855618745677", "203689014416024010884177630991455456797" ] }, "id": "CVE-2024-35839-9eb23c14" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge_slow", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "210565843931513795526589986815827186033", "length": 419.0 }, "id": "CVE-2024-35839-a155d618" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge_slow", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "210565843931513795526589986815827186033", "length": 419.0 }, "id": "CVE-2024-35839-ae1afb6d" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "nf_send_reset", "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "function_hash": "252208339663636809247800899183619030202", "length": 1459.0 }, "id": "CVE-2024-35839-aef40d54" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "53936117603397591971027641675880562281", "length": 761.0 }, "id": "CVE-2024-35839-afa439f3" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "include/linux/netfilter_bridge.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "50744503791700505994285826142598575465", "113452547670750413697205370534021172845", "106980907698226082941821415147177890549", "8036374603626620148168899409961340935", "271628878267742137968270748602584672927", "182484470019225300845955695833657563360", "301436446979040289967112657008714518231", "332855404439221093582877622390608744640" ] }, "id": "CVE-2024-35839-b183fcef" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "setup_pre_routing", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "266339150692360603505567040482121702681", "length": 562.0 }, "id": "CVE-2024-35839-b4228234" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge_slow", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "210565843931513795526589986815827186033", "length": 419.0 }, "id": "CVE-2024-35839-b772919b" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "19724072212054889061933215055999655353", "length": 1610.0 }, "id": "CVE-2024-35839-b7a45724" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "function": "nf_bridge_get_physindev", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "20275677762807431239110372004105565546", "length": 154.0 }, "id": "CVE-2024-35839-b8832b61" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "nf_send_reset", "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "function_hash": "252208339663636809247800899183619030202", "length": 1459.0 }, "id": "CVE-2024-35839-c33f7269" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "br_nf_forward_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "216962085930190387015833570126745156241", "length": 739.0 }, "id": "CVE-2024-35839-c6daf04d" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "nf_bridge_get_physinif", "file": "include/linux/netfilter_bridge.h" }, "digest": { "function_hash": "333828579425828437825923171927023883794", "length": 181.0 }, "id": "CVE-2024-35839-c89d9bd4" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "include/linux/skbuff.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "8606634604111134936017123718248133801", "254849966707661873576948198042865731", "28549596192832905682853432087833047719", "207210768741913844094605106809967214666" ] }, "id": "CVE-2024-35839-d3659e19" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "function": "setup_pre_routing", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "266339150692360603505567040482121702681", "length": 562.0 }, "id": "CVE-2024-35839-d8f4cd5b" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "155881521568639639840833298557846870108", "28253426805480878635572608865775125440", "149953868464522567511538703903120466861", "52281113772741856721332900738986764900", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "63774701430786127226119499399848562330", "181957952871714486051731377791453937068" ] }, "id": "CVE-2024-35839-dc4b0d25" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_ipv6", "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "function_hash": "88766956349738941988504517332361866163", "length": 1221.0 }, "id": "CVE-2024-35839-dc4e5b65" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_ipv6", "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "function_hash": "88766956349738941988504517332361866163", "length": 1221.0 }, "id": "CVE-2024-35839-e13c201e" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "file": "net/ipv4/netfilter/nf_reject_ipv4.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "155881521568639639840833298557846870108", "28253426805480878635572608865775125440", "149953868464522567511538703903120466861", "52281113772741856721332900738986764900", "106950382673311518749698131059305920757", "338568811585772570310012752075359361538", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "63774701430786127226119499399848562330", "181957952871714486051731377791453937068" ] }, "id": "CVE-2024-35839-e597d6f5" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "nf_send_reset6", "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "function_hash": "311062772929538841492204318335213067912", "length": 2246.0 }, "id": "CVE-2024-35839-f0aac688" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9325e3188a9cf3f69fc6f32af59844bbc5b90547", "signature_version": "v1", "target": { "file": "net/bridge/br_netfilter_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "270396559027314378150928138433105423613", "198456385282203330315191287127953132327", "254984346575964011863138164783569479789", "196157807942632813078664574562243887860", "170814644580054889158145347871132379358", "302815249259370182503248847797401118418", "166683743709364241254533532758137970717", "99497047490859908441678220149503513265", "153621493627712195101625507967643221760", "331874479137209886695278715487436711915", "128700763926107239397770135800026222447", "3402814118917212298998795322758361454", "57483559499388109799444937702565308709", "133784419119680888210444441140044942849", "28762558668865807597079983071540262494", "288204071924622816413805565293495818063", "25686093730403734231063058588753418744" ] }, "id": "CVE-2024-35839-f0f97783" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b", "signature_version": "v1", "target": { "file": "net/ipv6/netfilter/nf_reject_ipv6.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "269788786218825615626061995617542823573", "28253426805480878635572608865775125440", "329095109404806214814975144184289565932", "52105356645842947732972678298683756326", "272333899896940366047738278797942709954", "124737115473024593746495564819966155499", "101185528730863382709571470500411452378", "211140732761160744267934718267680242198", "307317123820147170843322999855618745677", "203689014416024010884177630991455456797" ] }, "id": "CVE-2024-35839-f8c5018f" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9874808878d9eed407e3977fd11fee49de1e1d86", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish_bridge", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "53936117603397591971027641675880562281", "length": 761.0 }, "id": "CVE-2024-35839-fc617f48" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544add1f1cfb78c3dfa3e6edcf4668f6be5e730c", "signature_version": "v1", "target": { "function": "br_nf_pre_routing_finish", "file": "net/bridge/br_netfilter_hooks.c" }, "digest": { "function_hash": "19724072212054889061933215055999655353", "length": 1610.0 }, "id": "CVE-2024-35839-fe6c45b4" } ]