CVE-2024-26707

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26707
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26707.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26707
Downstream
Published
2024-04-03T15:15:53Z
Modified
2025-08-09T20:01:26Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()

Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1].

Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons.

[1]
HSR: Could not send supervision frame
WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
...
Call Trace:
 <IRQ>
 hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382
 call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x764/0xb20 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x21a/0x8de kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
...

This issue is also found in older kernels (at least up to 5.10).

References

Affected packages