Bug 2270100 (CVE-2024-26640)

Summary: CVE-2024-26640 kernel: tcp: add sanity checks to rx zerocopy
Product: [Other] Security Response Reporter: Zack Miele <zmiele>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, aquini, bhu, chwhite, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, scweaver, sidakwo, sukulkar, tglozar, vkumar, vsroka, wcosta, williams, wmealing, ycote, ykopkova
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.10.210, kernel 5.15.149, kernel 6.1.77, kernel 6.6.16, kernel 6.7.4, kernel 6.8 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Linux Kernel where rx zerocopy feature allowed mapping of pages owned by the filesystem, leading to potential system panic which is caused by the lack of sanity checks to rx zerocopy. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2270101    
Bug Blocks: 2270180    

Description Zack Miele 2024-03-18 13:33:26 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tcp: add sanity checks to rx zerocopy

The Linux kernel CVE team has assigned CVE-2024-26640 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/20240318102117.2839904-11-lee@kernel.org/T
Comment 1 Zack Miele 2024-03-18 13:34:00 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2270101]
Comment 5 Justin M. Forbes 2024-03-25 19:44:59 UTC 
This was fixed for Fedora with the 6.7.4 stable kernel updates.
Comment 15 errata-xmlrpc 2024-08-07 00:22:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5065 https://access.redhat.com/errata/RHSA-2024:5065
Comment 16 errata-xmlrpc 2024-08-08 04:40:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
Comment 17 errata-xmlrpc 2024-08-08 04:51:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Comment 18 errata-xmlrpc 2024-08-13 00:26:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:5255 https://access.redhat.com/errata/RHSA-2024:5255
Comment 21 errata-xmlrpc 2024-10-30 01:26:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:8617 https://access.redhat.com/errata/RHSA-2024:8617
Comment 23 errata-xmlrpc 2024-11-13 00:11:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:9498 https://access.redhat.com/errata/RHSA-2024:9498
Comment 24 errata-xmlrpc 2024-11-13 00:25:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:9497 https://access.redhat.com/errata/RHSA-2024:9497