CVE-2024-35901

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35901
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35901.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35901
Downstream
Related
Published
2024-05-19T08:34:54Z
Modified
2025-10-17T05:42:20.700217Z
Summary
net: mana: Fix Rx DMA datasize and skb_over_panic
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix Rx DMA datasize and skboverpanic

managetrxbufcfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skbover_panic.

Sample dmesg: [ 5325.237162] skbuff: skboverpanic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<NULL> [ 5325.243689] ------------[ cut here ]------------ [ 5325.245748] kernel BUG at net/core/skbuff.c:192! [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 5325.258374] RIP: 0010:skbpanic+0x4f/0x60 [ 5325.302941] Call Trace: [ 5325.304389] <IRQ> [ 5325.315794] ? skbpanic+0x4f/0x60 [ 5325.317457] ? asmexcinvalidop+0x1f/0x30 [ 5325.319490] ? skbpanic+0x4f/0x60 [ 5325.321161] skbput+0x4e/0x50 [ 5325.322670] manapoll+0x6fa/0xb50 [mana] [ 5325.324578] _napipoll+0x33/0x1e0 [ 5325.326328] netrxaction+0x12e/0x280

As discussed internally, this alignment is not necessary. To fix this bug, remove it from the code. So oversized packets will be marked as CQERXTRUNCATED by NIC, and dropped.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2fbbd712baf1c60996554326728bbdbef5616e12
Fixed
ca58927b00385005f488b6a9905ced7a4f719aad
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2fbbd712baf1c60996554326728bbdbef5616e12
Fixed
05cb7c41fa1a7a7b2c2a6b81bbe7c67f5c11932b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2fbbd712baf1c60996554326728bbdbef5616e12
Fixed
c0de6ab920aafb56feab56058e46b688e694a246

Affected versions

v6.*

v6.3
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.9-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.26
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.5