CVE-2024-26665

Updated: 2025-03-10 21:39:30.529854

Description:

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x4080 vxlan_xmit+0xf61/0x5c00 dev_hard_start_xmit+0xfb/0x510 __dev_queue_xmit+0x7cd/0x32a0 br_dev_queue_push_xmit+0x39d/0x6a0 Use skb_checksum instead of csum_partial who cannot deal with non-linear SKBs.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.1000000000000005

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.1 HIGH Released CLSA-2024:1728936982 2024-10-14 17:32:07
AlmaLinux 9.2 FIPS kernel 5.14.0 7.1 HIGH Released CLSA-2024:1729541873 2024-10-21 17:29:41
CentOS 6 ELS kernel 2.6.32 7.1 HIGH Not Vulnerable 2024-09-24 14:23:30
CentOS 7 ELS kernel 3.10.0 7.1 HIGH Not Vulnerable 2024-09-24 14:23:30
CentOS 8.4 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1727690947 2024-09-30 10:46:30
CentOS 8.5 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1727690025 2024-09-30 10:46:31
CentOS Stream 8 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1729874131 2024-10-25 14:32:09
CloudLinux 6 ELS kernel 2.6.32 7.1 HIGH Not Vulnerable 2024-09-24 14:23:30
CloudLinux 7 ELS kernel 3.10.0 7.1 HIGH Not Vulnerable 2024-09-24 14:23:30
Oracle Linux 6 ELS kernel 2.6.32 7.1 HIGH Not Vulnerable 2024-09-24 14:23:30