CVE-2024-57902

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-57902
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57902.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57902
Downstream
Related
Published
2025-01-15T13:05:58.296Z
Modified
2026-05-15T11:54:35.107662469Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
af_packet: fix vlan_get_tci() vs MSG_PEEK
Details

In the Linux kernel, the following vulnerability has been resolved:

afpacket: fix vlangettci() vs MSGPEEK

Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot.

Rework vlangettci() to not touch skb at all, so that it can be used from many cpus on the same skb.

Add a const qualifier to skb argument.

[1] skbuff: skbunderpanic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skbpanic net/core/skbuff.c:206 [inline] RIP: 0010:skbunderpanic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 9e 6c 26 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 3a 5a 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90003baf5b8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8565c1eec37aa000 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802616fb50 R08: ffffffff817f0a4c R09: 1ffff92000775e50 R10: dffffc0000000000 R11: fffff52000775e51 R12: 0000000000000140 R13: ffff88807a1d5800 R14: ffff88807a1d5810 R15: 0000000000000014 FS: 00007fa03261f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd65753000 CR3: 0000000031720000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skbpush+0xe5/0x100 net/core/skbuff.c:2636 vlangettci+0x272/0x550 net/packet/afpacket.c:565 packetrecvmsg+0x13c9/0x1ef0 net/packet/afpacket.c:3616 sockrecvmsgnosec net/socket.c:1044 [inline] sockrecvmsg+0x22f/0x280 net/socket.c:1066 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814 ___sysrecvmsg net/socket.c:2856 [inline] dorecvmmsg+0x426/0xab0 net/socket.c:2951 __sys_recvmmsg net/socket.c:3025 [inline] __dosysrecvmmsg net/socket.c:3048 [inline] __sesysrecvmmsg net/socket.c:3041 [inline] __x64sysrecvmmsg+0x199/0x250 net/socket.c:3041 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xf3/0x230 arch/x86/entry/common.c:83

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57902.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.289
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.233
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.176
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.124
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.70
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57902.json"