Bug 2299240 (CVE-2024-41090) - CVE-2024-41090 kernel: virtio-net: tap: mlx5_core short frame denial of service
Summary: CVE-2024-41090 kernel: virtio-net: tap: mlx5_core short frame denial of service
Keywords:
Status: NEW
Alias: CVE-2024-41090
Deadline: 2024-07-24
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2303072
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-22 10:29 UTC by Mauro Matteo Cascella
Modified: 2024-10-21 09:47 UTC (History)
56 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6299 0 None None None 2024-09-04 08:15:15 UTC
Red Hat Product Errata RHBA-2024:7043 0 None None None 2024-09-24 09:43:16 UTC
Red Hat Product Errata RHBA-2024:7198 0 None None None 2024-09-26 09:48:57 UTC
Red Hat Product Errata RHBA-2024:7236 0 None None None 2024-09-26 14:37:46 UTC
Red Hat Product Errata RHBA-2024:7637 0 None None None 2024-10-03 14:46:05 UTC
Red Hat Product Errata RHBA-2024:8227 0 None None None 2024-10-17 06:46:08 UTC
Red Hat Product Errata RHSA-2024:5256 0 None None None 2024-08-13 00:11:12 UTC
Red Hat Product Errata RHSA-2024:5257 0 None None None 2024-08-13 00:17:14 UTC
Red Hat Product Errata RHSA-2024:5281 0 None None None 2024-08-13 14:34:12 UTC
Red Hat Product Errata RHSA-2024:5582 0 None None None 2024-08-19 18:23:42 UTC
Red Hat Product Errata RHSA-2024:5672 0 None None None 2024-08-21 00:26:31 UTC
Red Hat Product Errata RHSA-2024:5673 0 None None None 2024-08-21 00:15:12 UTC
Red Hat Product Errata RHSA-2024:5858 0 None None None 2024-08-26 11:22:12 UTC
Red Hat Product Errata RHSA-2024:5928 0 None None None 2024-08-28 12:21:13 UTC
Red Hat Product Errata RHSA-2024:6156 0 None None None 2024-09-03 05:50:22 UTC
Red Hat Product Errata RHSA-2024:6160 0 None None None 2024-09-03 05:33:23 UTC
Red Hat Product Errata RHSA-2024:6206 0 None None None 2024-09-03 15:43:37 UTC
Red Hat Product Errata RHSA-2024:6242 0 None None None 2024-09-03 18:45:54 UTC
Red Hat Product Errata RHSA-2024:6313 0 None None None 2024-09-04 11:20:08 UTC
Red Hat Product Errata RHSA-2024:6560 0 None None None 2024-09-10 18:23:09 UTC
Red Hat Product Errata RHSA-2024:6663 0 None None None 2024-09-12 18:19:41 UTC
Red Hat Product Errata RHSA-2024:6992 0 None None None 2024-09-24 00:34:43 UTC
Red Hat Product Errata RHSA-2024:7000 0 None None None 2024-09-24 02:34:51 UTC
Red Hat Product Errata RHSA-2024:7001 0 None None None 2024-09-24 00:39:32 UTC
Red Hat Product Errata RHSA-2024:7429 0 None None None 2024-10-01 00:44:40 UTC

Description Mauro Matteo Cascella 2024-07-22 10:29:15 UTC 
A denial-of-service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet (i.e. size < ETH_HLEN). The packet may traverse through vhost-net, macvtap and vlan without any validation/drop. When this packet is presented to mlx5 driver on the host side, the kernel panic happens, since mlx5_core assumes the frame size is always >= ETH_HLEN.

This vulnerability affects both drivers/net/tun.c and drivers/net/tap.c. CVE-2024-41090 has been assigned to the TAP side of the issue.

Reference:
https://www.openwall.com/lists/oss-security/2024/07/24/4
Comment 129 errata-xmlrpc 2024-08-13 00:11:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5256 https://access.redhat.com/errata/RHSA-2024:5256
Comment 130 errata-xmlrpc 2024-08-13 00:17:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5257 https://access.redhat.com/errata/RHSA-2024:5257
Comment 131 errata-xmlrpc 2024-08-13 14:34:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5281 https://access.redhat.com/errata/RHSA-2024:5281
Comment 132 errata-xmlrpc 2024-08-19 18:23:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Via RHSA-2024:5582 https://access.redhat.com/errata/RHSA-2024:5582
Comment 133 errata-xmlrpc 2024-08-21 00:15:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5673 https://access.redhat.com/errata/RHSA-2024:5673
Comment 134 errata-xmlrpc 2024-08-21 00:26:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5672 https://access.redhat.com/errata/RHSA-2024:5672
Comment 135 errata-xmlrpc 2024-08-26 11:22:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5858 https://access.redhat.com/errata/RHSA-2024:5858
Comment 137 errata-xmlrpc 2024-08-28 12:21:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:5928 https://access.redhat.com/errata/RHSA-2024:5928
Comment 138 errata-xmlrpc 2024-09-03 05:33:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6160 https://access.redhat.com/errata/RHSA-2024:6160
Comment 139 errata-xmlrpc 2024-09-03 05:50:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6156 https://access.redhat.com/errata/RHSA-2024:6156
Comment 140 errata-xmlrpc 2024-09-03 15:43:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6206 https://access.redhat.com/errata/RHSA-2024:6206
Comment 141 errata-xmlrpc 2024-09-03 18:45:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6242 https://access.redhat.com/errata/RHSA-2024:6242
Comment 142 errata-xmlrpc 2024-09-04 11:20:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:6313 https://access.redhat.com/errata/RHSA-2024:6313
Comment 143 errata-xmlrpc 2024-09-10 18:23:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6560 https://access.redhat.com/errata/RHSA-2024:6560
Comment 144 errata-xmlrpc 2024-09-12 18:19:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6663 https://access.redhat.com/errata/RHSA-2024:6663
Comment 145 errata-xmlrpc 2024-09-24 00:34:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:6992 https://access.redhat.com/errata/RHSA-2024:6992
Comment 146 errata-xmlrpc 2024-09-24 00:39:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001
Comment 147 errata-xmlrpc 2024-09-24 02:34:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000
Comment 148 errata-xmlrpc 2024-10-01 00:44:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7429 https://access.redhat.com/errata/RHSA-2024:7429
Note You need to log in before you can comment on or make changes to this bug.