Bug 2299336 (CVE-2024-41091) - CVE-2024-41091 kernel: virtio-net: tun: mlx5_core short frame denial of service
Summary: CVE-2024-41091 kernel: virtio-net: tun: mlx5_core short frame denial of service
Keywords:
Status: NEW
Alias: CVE-2024-41091
Deadline: 2024-07-24
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2303073
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-22 16:30 UTC by Mauro Matteo Cascella
Modified: 2024-10-21 09:47 UTC (History)
53 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6299 0 None None None 2024-09-04 08:17:17 UTC
Red Hat Product Errata RHBA-2024:7043 0 None None None 2024-09-24 09:43:17 UTC
Red Hat Product Errata RHBA-2024:7198 0 None None None 2024-09-26 09:48:57 UTC
Red Hat Product Errata RHBA-2024:7236 0 None None None 2024-09-26 14:37:46 UTC
Red Hat Product Errata RHBA-2024:7637 0 None None None 2024-10-03 14:46:05 UTC
Red Hat Product Errata RHBA-2024:8227 0 None None None 2024-10-17 06:46:09 UTC
Red Hat Product Errata RHSA-2024:5256 0 None None None 2024-08-13 00:11:15 UTC
Red Hat Product Errata RHSA-2024:5257 0 None None None 2024-08-13 00:17:15 UTC
Red Hat Product Errata RHSA-2024:5281 0 None None None 2024-08-13 14:34:11 UTC
Red Hat Product Errata RHSA-2024:5582 0 None None None 2024-08-19 18:23:42 UTC
Red Hat Product Errata RHSA-2024:5672 0 None None None 2024-08-21 00:26:34 UTC
Red Hat Product Errata RHSA-2024:5673 0 None None None 2024-08-21 00:15:13 UTC
Red Hat Product Errata RHSA-2024:5858 0 None None None 2024-08-26 11:22:19 UTC
Red Hat Product Errata RHSA-2024:5928 0 None None None 2024-08-28 12:21:12 UTC
Red Hat Product Errata RHSA-2024:6156 0 None None None 2024-09-03 05:50:24 UTC
Red Hat Product Errata RHSA-2024:6160 0 None None None 2024-09-03 05:33:23 UTC
Red Hat Product Errata RHSA-2024:6206 0 None None None 2024-09-03 15:43:39 UTC
Red Hat Product Errata RHSA-2024:6242 0 None None None 2024-09-03 18:45:54 UTC
Red Hat Product Errata RHSA-2024:6313 0 None None None 2024-09-04 11:20:03 UTC
Red Hat Product Errata RHSA-2024:6560 0 None None None 2024-09-10 18:23:13 UTC
Red Hat Product Errata RHSA-2024:6663 0 None None None 2024-09-12 18:19:42 UTC
Red Hat Product Errata RHSA-2024:6992 0 None None None 2024-09-24 00:34:44 UTC
Red Hat Product Errata RHSA-2024:7000 0 None None None 2024-09-24 02:34:53 UTC
Red Hat Product Errata RHSA-2024:7001 0 None None None 2024-09-24 00:39:34 UTC
Red Hat Product Errata RHSA-2024:7429 0 None None None 2024-10-01 00:44:42 UTC

Description Mauro Matteo Cascella 2024-07-22 16:30:40 UTC 
A denial-of-service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet (i.e. size < ETH_HLEN). The packet may traverse through vhost-net, macvtap and vlan without any validation/drop. When this packet is presented to mlx5 driver on the host side, the kernel panic happens since mlx5_core assumes the frame size is always >= ETH_HLEN.

This vulnerability affects both drivers/net/tun.c and drivers/net/tap.c. CVE-2024-41091 has been assigned to the TUN side of the issue.

Reference:
https://www.openwall.com/lists/oss-security/2024/07/24/4
Comment 134 errata-xmlrpc 2024-08-13 00:11:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5256 https://access.redhat.com/errata/RHSA-2024:5256
Comment 135 errata-xmlrpc 2024-08-13 00:17:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5257 https://access.redhat.com/errata/RHSA-2024:5257
Comment 136 errata-xmlrpc 2024-08-13 14:34:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5281 https://access.redhat.com/errata/RHSA-2024:5281
Comment 137 errata-xmlrpc 2024-08-19 18:23:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Via RHSA-2024:5582 https://access.redhat.com/errata/RHSA-2024:5582
Comment 138 errata-xmlrpc 2024-08-21 00:15:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5673 https://access.redhat.com/errata/RHSA-2024:5673
Comment 139 errata-xmlrpc 2024-08-21 00:26:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5672 https://access.redhat.com/errata/RHSA-2024:5672
Comment 140 errata-xmlrpc 2024-08-26 11:22:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5858 https://access.redhat.com/errata/RHSA-2024:5858
Comment 142 errata-xmlrpc 2024-08-28 12:21:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:5928 https://access.redhat.com/errata/RHSA-2024:5928
Comment 143 errata-xmlrpc 2024-09-03 05:33:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6160 https://access.redhat.com/errata/RHSA-2024:6160
Comment 144 errata-xmlrpc 2024-09-03 05:50:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6156 https://access.redhat.com/errata/RHSA-2024:6156
Comment 145 errata-xmlrpc 2024-09-03 15:43:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6206 https://access.redhat.com/errata/RHSA-2024:6206
Comment 146 errata-xmlrpc 2024-09-03 18:45:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6242 https://access.redhat.com/errata/RHSA-2024:6242
Comment 147 errata-xmlrpc 2024-09-04 11:20:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:6313 https://access.redhat.com/errata/RHSA-2024:6313
Comment 148 errata-xmlrpc 2024-09-10 18:23:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6560 https://access.redhat.com/errata/RHSA-2024:6560
Comment 149 errata-xmlrpc 2024-09-12 18:19:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:6663 https://access.redhat.com/errata/RHSA-2024:6663
Comment 150 errata-xmlrpc 2024-09-24 00:34:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:6992 https://access.redhat.com/errata/RHSA-2024:6992
Comment 151 errata-xmlrpc 2024-09-24 00:39:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001
Comment 152 errata-xmlrpc 2024-09-24 02:34:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000
Comment 153 errata-xmlrpc 2024-10-01 00:44:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7429 https://access.redhat.com/errata/RHSA-2024:7429
Note You need to log in before you can comment on or make changes to this bug.