CVE-2024-46800

Updated: 2024-09-21 05:08:22.253568

Description:

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set dummy0 up tc qdisc add dev lo parent root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: netem tc qdisc add dev lo parent 2: handle 3: drr tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0 tc class add dev lo classid 3:1 drr ping -c1 -W0.01 localhost # Trigger bug tc class del dev lo classid 1:1 tc class add dev lo classid 1:1 drr ping -c1 -W0.01 localhost # UaF


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2024:1728936982 2024-10-14 17:33:02
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2024:1729541873 2024-10-21 17:30:27
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2024:1727692412 2024-10-14 17:32:58
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690947 2024-09-30 10:48:06
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690025 2024-09-30 10:48:07
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1729874131 2024-10-25 14:32:56
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2024-09-21 05:15:19
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2024:1728584192 2024-10-10 14:28:46
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2024:1728584752 2024-10-10 14:29:03
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released CLSA-2024:1728583613 2024-10-10 14:28:48