Bug 2337105 (CVE-2024-57791) - CVE-2024-57791 kernel: net/smc: check return value of sock_recvmsg when draining clc data
Keywords:
Status: NEW
Alias: CVE-2024-57791
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-01-11 13:02 UTC by OSIDB Bzimport
Modified: 2025-02-04 18:15 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2025-01-11 13:02:00 UTC
In the Linux kernel, the following vulnerability has been resolved:

net/smc: check return value of sock_recvmsg when draining clc data

When receiving clc msg, the field length in smc_clc_msg_hdr indicates the
length of msg should be received from network and the value should not be
fully trusted as it is from the network. Once the value of length exceeds
the value of buflen in function smc_clc_wait_msg it may run into deadloop
when trying to drain the remaining data exceeding buflen.

This patch checks the return value of sock_recvmsg when draining data in
case of deadloop in draining.
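
A user-space C model of the drain loop described above, added here as an illustration; it is not the kernel's smc_clc_wait_msg code or the upstream patch. The names fake_sock, fake_recv, drain, check_ret and max_spins are hypothetical, and the byte counts are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the peer's stream: `avail` bytes are readable,
 * then every read returns `after` (0 = peer closed, negative = error). */
struct fake_sock { size_t avail; int after; };

/* Hypothetical receive helper with recv()-style return values. */
static int fake_recv(struct fake_sock *s, void *buf, size_t len)
{
    size_t n = len < s->avail ? len : s->avail;
    if (n == 0)
        return s->after;
    memset(buf, 0, n);
    s->avail -= n;
    return (int)n;
}

/* Drain what the header claims beyond the local buffer. claimed_len is the
 * untrusted length field, buflen the receiver's buffer size. Returns the
 * bytes left undrained, or -1 if max_spins iterations made no end of it
 * (the cap exists only so the unchecked variant terminates in this model). */
static long drain(struct fake_sock *s, size_t claimed_len, size_t buflen,
                  int check_ret, long max_spins)
{
    char scratch[64];
    size_t remaining = claimed_len > buflen ? claimed_len - buflen : 0;

    for (long spins = 0; remaining > 0; spins++) {
        if (spins >= max_spins)
            return -1;
        size_t want = remaining < sizeof(scratch) ? remaining : sizeof(scratch);
        int got = fake_recv(s, scratch, want);
        if (check_ret && got <= 0)  /* checked: stop on close or error */
            break;
        if (got > 0)
            remaining -= (size_t)got;
    }
    return (long)remaining;
}

int main(void)
{
    struct fake_sock a = { 10, 0 }, b = { 10, 0 };
    printf("unchecked: %ld\n", drain(&a, 65535, 100, 0, 1000));
    printf("checked:   %ld\n", drain(&b, 65535, 100, 1, 1000));
    return 0;
}
```

With the return value ignored, a header that claims more data than the peer ever sends keeps the loop spinning on reads that make no progress; with the check, the loop exits on the first read that returns zero or an error.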

Comment 1 Avinash Hanwate 2025-01-13 07:54:29 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025011147-CVE-2024-57791-7bc8@gregkh/T
