Bug 2329003 (CVE-2024-11407)

Summary: CVE-2024-11407 grpc: Denial of Service through Data corruption in gRPC-C++
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: amctagga, aoconnor, bdettelb, bniver, brking, caswilli, doconnor, ehelms, flucifre, ggainey, gmeno, gtanzill, haoli, hkataria, jcammara, jeder, jmitchel, jneedle, jtanner, juwatts, jwong, kaycoth, kegrant, kholdawa, koliveir, kshier, mabashia, mbenjamin, mhackett, mhulan, mminar, nmoumoul, pbraun, pcreech, rbiba, rchan, shvarugh, simaishi, smallamp, smcdonal, sostapov, sskracic, stcannon, teagle, tfister, thavo, vereddy, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in gRPC. In certain configurations, the data sent by the application may be corrupted before transmission over the network, leaving the recipient with an incorrect set of bytes, which will cause RPC requests to fail. This issue may lead to a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2024-11-26 18:01:15 UTC 
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
Comment 5 errata-xmlrpc 2025-01-15 16:51:03 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:0340 https://access.redhat.com/errata/RHSA-2025:0340
Comment 6 errata-xmlrpc 2025-01-15 19:35:23 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:0341 https://access.redhat.com/errata/RHSA-2025:0341
Comment 7 errata-xmlrpc 2025-01-27 22:41:03 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2025:0722 https://access.redhat.com/errata/RHSA-2025:0722
Comment 8 errata-xmlrpc 2025-02-04 16:14:51 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2025:1019 https://access.redhat.com/errata/RHSA-2025:1019