CVE-2024-26675

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26675
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26675.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26675
Downstream
Related
Published
2024-04-02T07:01:40.054Z
Modified
2026-03-20T12:35:07.290408Z
Summary
ppp_async: limit MRU to 64K
Details

In the Linux kernel, the following vulnerability has been resolved:

ppp_async: limit MRU to 64K

syzbot triggered a warning [1] in _allocpages():

WARNONONCEGFP(order > MAXPAGE_ORDER, gfp)

Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")

Adopt the same sanity check for pppasyncioctl(PPPIOCSMRU)

[1]:

WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __allocpages+0x308/0x698 mm/pagealloc.c:4543 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: eventsunbound flushto_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __allocpages+0x308/0x698 mm/pagealloc.c:4543 lr : __allocpages+0xc8/0x698 mm/pagealloc.c:4537 sp : ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0 x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005 x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001 x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020 x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0 Call trace: __allocpages+0x308/0x698 mm/pagealloc.c:4543 __allocpagesnode include/linux/gfp.h:238 [inline] allocpagesnode include/linux/gfp.h:261 [inline] __kmalloclargenode+0xbc/0x1fc mm/slub.c:3926 __dokmallocnode mm/slub.c:3969 [inline] __kmallocnodetrackcaller+0x418/0x620 mm/slub.c:4001 kmallocreserve+0x17c/0x23c net/core/skbuff.c:590 __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 _netdevallocskb+0xb8/0x3e8 net/core/skbuff.c:715 netdevallocskb include/linux/skbuff.h:3235 [inline] devallocskb include/linux/skbuff.h:3248 [inline] pppasyncinput drivers/net/ppp/pppasync.c:863 [inline] pppasyncttyreceive+0x588/0x186c drivers/net/ppp/pppasync.c:341 ttyldiscreceivebuf+0x12c/0x15c drivers/tty/ttybuffer.c:390 ttyportdefaultreceivebuf+0x74/0xac drivers/tty/ttyport.c:37 receivebuf drivers/tty/ttybuffer.c:444 [inline] flushtoldisc+0x284/0x6e4 drivers/tty/ttybuffer.c:494 processonework+0x694/0x1204 kernel/workqueue.c:2633 processscheduledworks kernel/workqueue.c:2706 [inline] workerthread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 retfromfork+0x10/0x20 arch/arm64/kernel/entry.S:860

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26675.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
Fixed
56fae81633ccee307cfcb032f706bf1863a56982
Fixed
b06e067e93fa4b98acfd3a9f38a398ab91bbc58b
Fixed
58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3
Fixed
4e2c4846b2507f6dfc9bea72b7567c2693a82a16
Fixed
7e5ef49670766c9742ffcd9cead7cdb018268719
Fixed
210d938f963dddc543b07e66a79b7d8d4bd00bd8
Fixed
cb88cb53badb8aeb3955ad6ce80b07b598e310b8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26675.json"