CVE-2024-56646

[1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor888 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:lockacquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089 Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 RSP: 0018:ffffc900035d7268 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 R13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000 FS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> lockacquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 _rawspinlockbh include/linux/spinlockapismp.h:126 [inline] rawspinlockbh+0x33/0x40 kernel/locking/spinlock.c:178 spinlockbh include/linux/spinlock.h:356 [inline] modifyprefixroute+0x30b/0x8b0 net/ipv6/addrconf.c:4831 inet6addrmodify net/ipv6/addrconf.c:4923 [inline] inet6rtmnewaddr+0x12c7/0x1ab0 net/ipv6/addrconf.c:5055 rtnetlinkrcvmsg+0x3c7/0xea0 net/core/rtnetlink.c:6920 netlinkrcvskb+0x16b/0x440 net/netlink/afnetlink.c:2541 netlinkunicastkernel net/netlink/afnetlink.c:1321 [inline] netlinkunicast+0x53c/0x7f0 net/netlink/afnetlink.c:1347 netlinksendmsg+0x8b8/0xd70 net/netlink/afnetlink.c:1891 socksendmsgnosec net/socket.c:711 [inline] _socksendmsg net/socket.c:726 [inline] syssendmsg+0xaaf/0xc90 net/socket.c:2583 _syssendmsg+0x135/0x1e0 net/socket.c:2637 _syssendmsg+0x16e/0x220 net/socket.c:2669 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x250 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7fd1dcef8b79 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc59cc4378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1dcef8b79 RDX: 0000000000040040 RSI: 0000000020000140 RDI: 0000000000000004 RBP: 00000000000113fd R08: 0000000000000006 R09: 0000000000000006 R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc59cc438c R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 </TASK>

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5eb902b8e7193cdcb33242af0a56502e6b5206e9

Fixed

01f95357e47219a9c4b29e177b717edbfab721b4

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5eb902b8e7193cdcb33242af0a56502e6b5206e9

Fixed

a747e02430dfb3657141f99aa6b09331283fa493

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.2

v6.12.3

v6.12.4

v6.8

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2024-56646-0fc830b7",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@01f95357e47219a9c4b29e177b717edbfab721b4",
        "target": {
            "file": "net/ipv6/addrconf.c"
        },
        "digest": {
            "line_hashes": [
                "317804377931467777147384523072310152680",
                "8915193496606524627389167521318609040",
                "118298835673743407581812176009536031644",
                "209534204271915818687791649425560325439",
                "93829189375663490158901543382844975391",
                "140626409861661270423342018217964273388",
                "205572443609030186943226969400744394416",
                "156318988483909943894791739248119882232",
                "20165374993030133876889582510444980239",
                "187714580204328645871379095273835548089",
                "31892671426661303853378109923035736960",
                "174366857788640572084114032692451991841",
                "261529331943043576234015686066357931354",
                "110692093463634487834536971609690141808",
                "262830528772520854930844818204046110357",
                "90174150546269184347462758110206418642",
                "158933382736826873502452629687477040063",
                "189302851774712128002561899121859130581",
                "243147307150744971507766173603256289473",
                "283760226409864769581545585953651863580",
                "80579926906315342958389285322101409364"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "id": "CVE-2024-56646-23ecc8e4",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@01f95357e47219a9c4b29e177b717edbfab721b4",
        "target": {
            "file": "net/ipv6/addrconf.c",
            "function": "modify_prefix_route"
        },
        "digest": {
            "length": 877.0,
            "function_hash": "68078992314162913069153051764313788880"
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "id": "CVE-2024-56646-2695e60d",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a747e02430dfb3657141f99aa6b09331283fa493",
        "target": {
            "file": "net/ipv6/addrconf.c"
        },
        "digest": {
            "line_hashes": [
                "317804377931467777147384523072310152680",
                "8915193496606524627389167521318609040",
                "118298835673743407581812176009536031644",
                "209534204271915818687791649425560325439",
                "93829189375663490158901543382844975391",
                "140626409861661270423342018217964273388",
                "205572443609030186943226969400744394416",
                "156318988483909943894791739248119882232",
                "20165374993030133876889582510444980239",
                "187714580204328645871379095273835548089",
                "31892671426661303853378109923035736960",
                "174366857788640572084114032692451991841",
                "261529331943043576234015686066357931354",
                "110692093463634487834536971609690141808",
                "262830528772520854930844818204046110357",
                "90174150546269184347462758110206418642",
                "158933382736826873502452629687477040063",
                "189302851774712128002561899121859130581",
                "243147307150744971507766173603256289473",
                "283760226409864769581545585953651863580",
                "80579926906315342958389285322101409364"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "id": "CVE-2024-56646-28751c4a",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a747e02430dfb3657141f99aa6b09331283fa493",
        "target": {
            "file": "net/ipv6/addrconf.c",
            "function": "inet6_addr_modify"
        },
        "digest": {
            "length": 3085.0,
            "function_hash": "339046132577943681412418745741183824960"
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "id": "CVE-2024-56646-dcad599a",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@01f95357e47219a9c4b29e177b717edbfab721b4",
        "target": {
            "file": "net/ipv6/addrconf.c",
            "function": "inet6_addr_modify"
        },
        "digest": {
            "length": 3085.0,
            "function_hash": "339046132577943681412418745741183824960"
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "id": "CVE-2024-56646-e17b307d",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a747e02430dfb3657141f99aa6b09331283fa493",
        "target": {
            "file": "net/ipv6/addrconf.c",
            "function": "modify_prefix_route"
        },
        "digest": {
            "length": 877.0,
            "function_hash": "68078992314162913069153051764313788880"
        },
        "signature_version": "v1"
    }
]

CVE-2024-56646

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v6.*

Database specific

vanir_signatures

Linux / Kernel

Package

Affected ranges