CVE-2024-38538

Source
https://cve.org/CVERecord?id=CVE-2024-38538
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38538.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38538
Published
2024-06-19T13:35:13.384Z
Modified
2026-03-13T07:56:54.208627Z
Summary
net: bridge: xmit: make sure we have at least eth header len bytes
Details

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes

syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull that amount instead of assuming.

Tested with dropwatch:
 drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)
 origin: software
 timestamp: Mon May 13 11:31:53 2024 778214037 nsec
 protocol: 0x88a8
 length: 2
 original length: 2
 drop reason: PKT_TOO_SMALL

[1]
BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
 br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
 __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 __bpf_tx_skb net/core/filter.c:2136 [inline]
 __bpf_redirect_common net/core/filter.c:2180 [inline]
 __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187
 ____bpf_clone_redirect net/core/filter.c:2460 [inline]
 bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432
 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
 __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425
 bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058
 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678
 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38538.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
3e01fc3c66e65d9afe98f1489047a1b2dd8741ca
Fixed
b2b7c43cd32080221bb233741bd6011983fe7c11
Fixed
82090f94c723dab724b1c32db406091d40448a17
Fixed
c964429ef53f42098a6545a5dabeb1441c1e821d
Fixed
28126b83f86ab9cc7936029c2dff845d3dcedba2
Fixed
1abb371147905ba250b4cc0230c4be7e90bea4d5
Fixed
f482fd4ce919836a49012b2d31b00fc36e2488f2
Fixed
5b5d669f569807c7ab07546e73c0741845a2547a
Fixed
8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38538.json"