CVE-2024-26820

hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed

If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early( even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF( if it is visible
as a netdevice) at the end of netvsc_probe.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hv_netvsc: registre VF en netvsc_probe si se perdió NET_DEVICE_REGISTER. Si el controlador hv_netvsc se descarga y se vuelve a cargar, el controlador NET_DEVICE_REGISTER no puede realizar el registro VF exitosamente ya que la llamada de registro se recibe antes de que finalice netvsc_probe. Esto se debe a que registramos Register_netdevice_notifier() muy temprano (incluso antes de vmbus_driver_register()). Para solucionar este problema, intentamos registrar cada VF coincidente (si es visible como un dispositivo de red) al final de netvsc_probe.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2024-04-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/028aa21f9e92536038cabb834c15d08f5c894382	Vuln. Introduced
https://git.kernel.org/stable/c/997d895fa495fb3421983923219bba93f1a793ee	Vuln. Introduced
https://git.kernel.org/stable/c/ff6c130e48a79c826cbc2427bd8b34a7592460cc	Vuln. Introduced
https://git.kernel.org/stable/c/97683466e24c801ee4e865ce90ac7e355db2da59	Vuln. Introduced
https://git.kernel.org/stable/c/5dd83db613be8e5c5d30efed7f42780e9eb18380	Vuln. Introduced
https://git.kernel.org/stable/c/7350c460f7f48a8653a15c5c90fc9070aaa29535	Vuln. Introduced
https://git.kernel.org/stable/c/85520856466ed6bc3b1ccb013cddac70ceb437db	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d	2024-03-15
https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366	2024-03-15
https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7	2024-03-15
https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c	2024-03-15
https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef	2024-02-23
https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418	2024-02-23
https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135	2024-02-23
https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2	2024-02-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.301 < 4.19.310 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.301 < 4.19.310"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.263 < 5.4.272 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.263 < 5.4.272"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.203 < 5.10.213 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.203 < 5.10.213"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.141 < 5.15.152 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.141 < 5.15.152"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.65 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.65 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.4 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.4 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8"		en		Affected