You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/rds: Corrección de UBSAN: array-index-out-of-bounds en rds_cmsg_recv El bloqueo de Syzcaller UBSAN ocurre en rds_cmsg_recv(), que dice inc->i_rx_lat_trace[j + 1] con índice 4 (3 + 1), pero con tamaño de matriz de 4 (RDS_RX_MAX_TRACES). Aquí 'j' se asigna desde rs->rs_rx_trace[i] y, a su vez, desde trace.rx_trace_pos[i] en rds_recv_track_latency(), con ambas matrices de tamaño 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). Así que arregle la verificación de los límites fuera de uno en rds_recv_track_latency() para evitar un posible fallo en rds_cmsg_recv(). Encontrado por syzcaller: ================================================ =================== UBSAN: índice de matriz fuera de los límites en net/rds/recv.c:585:39 el índice 4 está fuera de rango para el tipo 'u64 [4]' CPU: 1 PID: 8058 Comm: syz-executor228 No contaminado 6.6.0-gd2f51b3516da #1 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/ Seguimiento de llamadas de 2014: __dump_stack lib/dump_stack.c:88 [en línea] dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [en línea] __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan. c:348 rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585 rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716 sock_recvmsg_nosec net/socket.c:1044 [en línea] sock_recvmsg+0xe2/0x1 60 netos/toma .c:1066 __sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246 __do_sys_recvfrom net/socket.c:2264 [en línea] __se_sys_recvfrom net/socket.c:2260 [en línea] __x64_sys_recvfrom+0xe0/0x1b0 net/socket .c:2260 do_syscall_x64 arch/x86/entry/common.c:51 [en línea] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x63/0x6b =============== ==================================================== ==
CVE Modified by kernel.org3/12/2024 10:15:07 AM
Action
Type
Old Value
New Value
Changed
Description
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
Syzcaller UBSAN crash occurs in rds_cmsg_recv(),
which reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),
but with array size of 4 (RDS_RX_MAX_TRACES).
Here 'j' is assigned from rs->rs_rx_trace[i] and in-turn from
trace.rx_trace_pos[i] in rds_recv_track_latency(),
with both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the
off-by-one bounds check in rds_recv_track_latency() to prevent
a potential crash in rds_cmsg_recv().
Found by syzcaller:
=================================================================
UBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39
index 4 is out of range for type 'u64 [4]'
CPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585
rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg+0xe2/0x160 net/socket.c:1066
__sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246
__do_sys_recvfrom net/socket.c:2264 [inline]
__se_sys_recvfrom net/socket.c:2260 [inline]
__x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
==================================================================
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed
Reference
Linux https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc
Removed
Reference
Linux https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711
Removed
Reference
Linux https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52
Removed
Reference
Linux https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf
Removed
Reference
Linux https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1
Removed
Reference
Linux https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b
Removed
Reference
Linux https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f
Removed
Reference
Linux https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd
CVE Rejected by kernel.org3/12/2024 10:15:07 AM
Action
Type
Old Value
New Value
New CVE Received from kernel.org3/11/2024 2:15:19 PM
Action
Type
Old Value
New Value
Added
Description
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
Syzcaller UBSAN crash occurs in rds_cmsg_recv(),
which reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),
but with array size of 4 (RDS_RX_MAX_TRACES).
Here 'j' is assigned from rs->rs_rx_trace[i] and in-turn from
trace.rx_trace_pos[i] in rds_recv_track_latency(),
with both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the
off-by-one bounds check in rds_recv_track_latency() to prevent
a potential crash in rds_cmsg_recv().
Found by syzcaller:
=================================================================
UBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39
index 4 is out of range for type 'u64 [4]'
CPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585
rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg+0xe2/0x160 net/socket.c:1066
__sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246
__do_sys_recvfrom net/socket.c:2264 [inline]
__se_sys_recvfrom net/socket.c:2260 [inline]
__x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
==================================================================
Added
Reference
Linux https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1 [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f [No types assigned]
Added
Reference
Linux https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2024-26613 NVD
Published Date: 03/11/2024 NVD
Last Modified: 03/12/2024
Source: kernel.org
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
