AZL-54785

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54785.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-54785

Upstream

CVE-2024-56648

Published

2024-12-27T15:15:24Z

Modified

2026-04-01T05:18:23.925440Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-56648 affecting package kernel for versions less than 5.15.176.3-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: avoid potential out-of-bound access in fillframeinfo()

syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one.

Since fillframeinfo() is relying on skb->mac_len already, extend the check to cover this case.

BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:709 [inline] BUG: KMSAN: uninit-value in hsrforwardskb+0x9ee/0x3b10 net/hsr/hsrforward.c:724 fillframeinfo net/hsr/hsrforward.c:709 [inline] hsrforwardskb+0x9ee/0x3b10 net/hsr/hsrforward.c:724 hsrdevxmit+0x2f0/0x350 net/hsr/hsr_device.c:235 __netdevstartxmit include/linux/netdevice.h:5002 [inline] netdevstartxmit include/linux/netdevice.h:5011 [inline] xmitone net/core/dev.c:3590 [inline] devhardstartxmit+0x247/0xa20 net/core/dev.c:3606 __devqueuexmit+0x366a/0x57d0 net/core/dev.c:4434 devqueuexmit include/linux/netdevice.h:3168 [inline] packetxmit+0x9c/0x6c0 net/packet/afpacket.c:276 packetsnd net/packet/afpacket.c:3146 [inline] packetsendmsg+0x91ae/0xa6f0 net/packet/afpacket.c:3178 socksendmsgnosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __dosyssendto net/socket.c:2204 [inline] __sesyssendto net/socket.c:2200 [inline] _x64syssendto+0x125/0x1d0 net/socket.c:2200 x64syscall+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls64.h:45 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x1e0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f

Uninit was created at: slabpostallochook mm/slub.c:4091 [inline] slaballocnode mm/slub.c:4134 [inline] kmemcacheallocnodenoprof+0x6bf/0xb80 mm/slub.c:4186 kmallocreserve+0x13d/0x4a0 net/core/skbuff.c:587 __allocskb+0x363/0x7b0 net/core/skbuff.c:678 allocskb include/linux/skbuff.h:1323 [inline] alloc_skbwithfrags+0xc8/0xd00 net/core/skbuff.c:6612 sockallocsendpskb+0xa81/0xbf0 net/core/sock.c:2881 packetallocskb net/packet/afpacket.c:2995 [inline] packetsnd net/packet/afpacket.c:3089 [inline] packetsendmsg+0x74c6/0xa6f0 net/packet/afpacket.c:3178 socksendmsgnosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __dosyssendto net/socket.c:2204 [inline] __sesyssendto net/socket.c:2200 [inline] _x64syssendto+0x125/0x1d0 net/socket.c:2200 x64syscall+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls64.h:45 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x1e0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f

References

https://nvd.nist.gov/vuln/detail/CVE-2024-56648

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.176.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54785.json"