CVE-2024-50035

Source
https://cve.org/CVERecord?id=CVE-2024-50035
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50035.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50035
Downstream
Related
Published
2024-10-21T19:39:36.460Z
Modified
2026-03-20T12:39:32.834790Z
Summary
ppp: fix ppp_async_encode() illegal access
Details

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix ppp_async_encode() illegal access

syzbot reported an issue in ppp_async_encode() [1]

In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb.

BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]
BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675
 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]
 ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675
 ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634
 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]
 ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304
 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379
 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113
 __release_sock+0x1da/0x330 net/core/sock.c:3072
 release_sock+0x6b/0x250 net/core/sock.c:3626
 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:744
 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
 __do_sys_sendmmsg net/socket.c:2771 [inline]
 __se_sys_sendmmsg net/socket.c:2768 [inline]
 __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4092 [inline]
 slab_alloc_node mm/slub.c:4135 [inline]
 kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587
 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1322 [inline]
 sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732
 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:744
 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656
 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742
 __do_sys_sendmmsg net/socket.c:2771 [inline]
 __se_sys_sendmmsg net/socket.c:2768 [inline]
 __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768
 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50035.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
4151ec65abd755133ebec687218fadd2d2631167
Fixed
8dfe93901b410ae41264087427f3b9f389388f83
Fixed
30d91a478d58cbae3dbaa8224d17d0d839f0d71b
Fixed
fadf8fdb3110d3138e05c3765f645535434f8d76
Fixed
ce249a4c68d0ce27a8c5d853338d502e2711a314
Fixed
8fe992ff3df493d1949922ca234419f3ede08dff
Fixed
c007a14797240607038bd3464501109f408940e2
Fixed
40dddd4b8bd08a69471efd96107a4e1c73fabefc

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50035.json"