// For flags

CVE-2024-26723

lan966x: Fix crash when adding interface under a lag

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

lan966x: Fix crash when adding interface under a lag

There is a crash when adding one of the lan966x interfaces under a lag
interface. The issue can be reproduced like this:
ip link add name bond0 type bond miimon 100 mode balance-xor
ip link set dev eth0 master bond0

The reason is because when adding a interface under the lag it would go
through all the ports and try to figure out which other ports are under
that lag interface. And the issue is that lan966x can have ports that are
NULL pointer as they are not probed. So then iterating over these ports
it would just crash as they are NULL pointers.
The fix consists in actually checking for NULL pointers before accessing
something from the ports. Like we do in other places.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lan966x: se solucionó el bloqueo al agregar una interfaz con un retraso. Se produce un bloqueo al agregar una de las interfaces lan966x con un retraso. El problema se puede reproducir así: enlace ip agregar nombre bond0 tipo bond miimon modo 100 balance-xor enlace ip establecer dev eth0 master bond0 La razón es que al agregar una interfaz bajo el retraso pasaría por todos los puertos e intentaría calcular determine qué otros puertos están bajo esa interfaz de retraso. Y el problema es que lan966x puede tener puertos que sean punteros NULL ya que no están sondeados. Entonces, al iterar sobre estos puertos, simplemente fallaría porque son punteros NULL. La solución consiste en comprobar si hay punteros NULL antes de acceder a algo desde los puertos. Como hacemos en otros lugares.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-04-03 CVE Published
  • 2024-04-04 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.1.79
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.79"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.6.18
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.18"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.7.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.7.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1 < 6.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8"
en
Affected