
THREATINT
PUBLISHED

CVE-2024-26754

gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()



Description

In the Linux kernel, the following vulnerability has been resolved:

gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()

The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:

general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]
Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74
RSP: 0018:ffff888014107220 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? show_regs+0x90/0xa0
 ? die_addr+0x50/0xd0
 ? exc_general_protection+0x148/0x220
 ? asm_exc_general_protection+0x22/0x30
 ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]
 ? __alloc_skb+0x1dd/0x350
 ? __pfx___alloc_skb+0x10/0x10
 genl_dumpit+0x11d/0x230
 netlink_dump+0x5b9/0xce0
 ? lockdep_hardirqs_on_prepare+0x253/0x430
 ? __pfx_netlink_dump+0x10/0x10
 ? kasan_save_track+0x10/0x40
 ? __kasan_kmalloc+0x9b/0xa0
 ? genl_start+0x675/0x970
 __netlink_dump_start+0x6fc/0x9f0
 genl_family_rcv_msg_dumpit+0x1bb/0x2d0
 ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
 ? genl_op_from_small+0x2a/0x440
 ? cap_capable+0x1d0/0x240
 ? __pfx_genl_start+0x10/0x10
 ? __pfx_genl_dumpit+0x10/0x10
 ? __pfx_genl_done+0x10/0x10
 ? security_capable+0x9d/0xe0

Reserved 2024-02-19 | Published 2024-04-03 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before f0ecdfa679189d26aedfe24212d4e69e42c2c861
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before f8cbd1791900b5d96466eede8e9439a5b9ca4de7
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before 2e534fd15e5c2ca15821c897352cf0e8a3e30dca
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before a576308800be28f2eaa099e7caad093b97d66e77
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before 3963f16cc7643b461271989b712329520374ad2a
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before ba6b8b02a3314e62571a540efa96560888c5f03e
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before 5013bd54d283eda5262c9ae3bcc966d01daf8576
affected

459aa660eb1d8ce67080da1983bb81d716aa5a69 before 136cfaca22567a03bbb3bf53a43d8cb5748b80ec
affected

Default status
affected

4.7
affected

Any version before 4.7
unaffected

4.19.308
unaffected

5.4.270
unaffected

5.10.211
unaffected

5.15.150
unaffected

6.1.80
unaffected

6.6.19
unaffected

6.7.7
unaffected

6.8
unaffected

References

git.kernel.org/...c/f0ecdfa679189d26aedfe24212d4e69e42c2c861

git.kernel.org/...c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7

git.kernel.org/...c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca

git.kernel.org/...c/a576308800be28f2eaa099e7caad093b97d66e77

git.kernel.org/...c/3963f16cc7643b461271989b712329520374ad2a

git.kernel.org/...c/ba6b8b02a3314e62571a540efa96560888c5f03e

git.kernel.org/...c/5013bd54d283eda5262c9ae3bcc966d01daf8576

git.kernel.org/...c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec

cve.org (CVE-2024-26754)

nvd.nist.gov (CVE-2024-26754)
