In the Linux kernel, the following vulnerability has been resolved:
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dmaunmapsingle() with a null address.
This was caused by rtl8169startxmit() not noticing changes to nrfrags which may occur when small packets are padded (to work around hardware quirks) in rtl8169tsocsumv2().
To fix this, postpone inspecting nr_frags until after any padding has been applied.
{ "vanir_signatures": [ { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-006fa3e5", "digest": { "length": 1518.0, "function_hash": "298835898120334891457444561194048831881" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c71e3a5cffd5309d7f84444df03d5b72600cc417", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-2c734da4", "digest": { "length": 1518.0, "function_hash": "298835898120334891457444561194048831881" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68222d7b4b72aa321135cd453dac37f00ec41fd1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-30e43220", "digest": { "length": 1580.0, "function_hash": "186981487103222058648101379261341588609" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6d21cf40de103d63ae78551098a7c06af8c98dd", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-32831c4c", "digest": { "length": 1518.0, "function_hash": "298835898120334891457444561194048831881" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@078d5b7500d70af2de6b38e226b03f0b932026a6", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-387b6871", "digest": { "length": 1518.0, "function_hash": "298835898120334891457444561194048831881" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54e7a0d111240c92c0f02ceba6eb8f26bf6d6479", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-3d9fec65", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c48185a95309556725f818b82120bb74e9c627d", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-3df9a01f", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54e7a0d111240c92c0f02ceba6eb8f26bf6d6479", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-4108d02a", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6d21cf40de103d63ae78551098a7c06af8c98dd", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-43e7b954", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61c1c98e2607120ce9c3fa1bf75e6da909712b27", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-722360b7", "digest": { "length": 1580.0, "function_hash": "186981487103222058648101379261341588609" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c48185a95309556725f818b82120bb74e9c627d", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-72c72fc8", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c71e3a5cffd5309d7f84444df03d5b72600cc417", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-8d0a52e5", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@078d5b7500d70af2de6b38e226b03f0b932026a6", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c", "function": "rtl8169_start_xmit" }, "id": "CVE-2024-38586-933e518d", "digest": { "length": 1580.0, "function_hash": "186981487103222058648101379261341588609" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61c1c98e2607120ce9c3fa1bf75e6da909712b27", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/net/ethernet/realtek/r8169_main.c" }, "id": "CVE-2024-38586-aa7d6860", "digest": { "threshold": 0.9, "line_hashes": [ "61330429938329414825549929879180958941", "260238822528443565263343872019338409361", "198188719066416416944633126447519815237", "216474214084840438714592927863810115945", "296448196880099692283506032437453024471", "102849545533769068506192412155897165186", "55080419987059803748574403052941619159", "70890187955547345683023345795492416985", "220002615735953031378667748594527677248", "253073575755770858762804239355377704477", "312197738841538681225686012120296764776" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68222d7b4b72aa321135cd453dac37f00ec41fd1", "signature_version": "v1" } ] }