CVE-2024-42321
- Source
- https://cve.org/CVERecord?id=CVE-2024-42321
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42321.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-42321
- Downstream
- Published
- 2024-08-17T09:09:33.505Z
- Modified
- 2026-05-07T04:16:26.725679Z
- Summary
- net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: flowdissector: use DEBUGNETWARNON_ONCE
The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit:
d1dab4f71d37 ("net: add and use __skbgethashsymmetricnet")
but this complementary fix has been also suggested by Willem de Bruijn and it can be easily backported to -stable kernel which consists in using DEBUGNETWARNONONCE instead to silence the following splat given __skbgethash() is used by the nftables tracing infrastructure to to identify packets in traces.
[69133.561393] ------------[ cut here ]------------ [69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skbflowdissect+0x134f/ [...] [69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379 [69133.561959] RIP: 0010:__skbflowdissect+0x134f/0x2ad0 [69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff ff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8 [69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246 [69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19 [69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418 [69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000 [69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400 [69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28 [69133.562020] FS: 00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [69133.562027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0 [69133.562040] Call Trace: [69133.562044] <IRQ> [69133.562049] ? __warn+0x9f/0x1a0 [ 1211.841384] ? __skbflowdissect+0x107e/0x2860 [...] [ 1211.841496] ? bpfflowdissect+0x160/0x160 [ 1211.841753] __skbgethash+0x97/0x280 [ 1211.841765] ? __skbgethashsymmetric+0x230/0x230 [ 1211.841776] ? modfind+0xbf/0xe0 [ 1211.841786] ? getstackinfo_noinstr+0x12/0xe0 [ 1211.841798] ? bpfksymfind+0x56/0xe0 [ 1211.841807] ? _rcureadunlock+0x2a/0x70 [ 1211.841819] nfttraceinit+0x1b9/0x1c0 [nftables] [ 1211.841895] ? nfttracenotify+0x830/0x830 [nftables] [ 1211.841964] ? getstackinfo+0x2b/0x80 [ 1211.841975] ? nftdochainarp+0x80/0x80 [nftables] [ 1211.842044] nftdochain+0x79c/0x850 [nftables]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42321.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b
- https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107
- https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0
- https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42321.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-42321
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9b52e3f267a6835efd50ed9002d530666d16a411Fixedeb03d9826aa646577342a952d658d4598381c035Fixed4afbac11f2f629d1e62817c4e210bdfaa7521107Fixedc5d21aabf1b31a79f228508af33aee83456bc1b0Fixed120f1c857a73e52132e473dee89b340440cb692b