CVE-2024-27013
tun: limit printing rate when illegal packet received by tun dev
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
tun: limit printing rate when illegal packet received by tun dev
vhost_worker will call tun call backs to receive packets. If too many
illegal packets arrives, tun_do_read will keep dumping packet contents.
When console is enabled, it will costs much more cpu time to dump
packet and soft lockup will be detected.
net_ratelimit mechanism can be used to limit the dumping rate.
PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980"
#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253
#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3
#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e
#3 [fffffe00003fced0] do_nmi at ffffffff8922660d
#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663
[exception RIP: io_serial_in+20]
RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002
RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0
RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f
R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020
R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffffa655314979e8] io_serial_in at ffffffff89792594
#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470
#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6
#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605
#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558
#10 [ffffa65531497ac8] console_unlock at ffffffff89316124
#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07
#12 [ffffa65531497b68] printk at ffffffff89318306
#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765
#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]
#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]
#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]
#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]
#18 [ffffa65531497f10] kthread at ffffffff892d2e72
#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tun: limita la velocidad de impresión cuando el paquete ilegal recibido por tun dev vhost_worker llamará a tun para recibir paquetes. Si llegan demasiados paquetes ilegales, tun_do_read seguirá descargando el contenido de los paquetes. Cuando la consola está habilitada, le costará mucho más tiempo a la CPU volcar el paquete y se detectará un bloqueo suave. El mecanismo net_ratelimit se puede utilizar para limitar la tasa de dumping. PID: 33036 TAREA: ffff949da6f20000 CPU: 23 COMANDO: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback en ffffffff89249253 #1 [fffffe00003fce58] nmi_handle en ffffffff89225fa3 #2 00003fceb0] default_do_nmi en ffffffff8922642e #3 [fffffe00003fced0] do_nmi en ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi en ffffffff89c01663 [excepción RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 00000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 00000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in en ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr en ffffffff89793470 #7 [ffffa65531497a08] console_putchar en ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write en ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write en ffffffff89796558 #10 [ffffa65531497ac8] console_unlock en ffffffff8 9316124 #11 [ffffa65531497b10] vprintk_emit en ffffffff89317c07 #12 [ffffa65531497b68] printk en ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump en ffffffff89650765 # 14 [ffffa65531497ca8] tun_do_read en ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg en ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx en ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker en ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread en ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork en ffffffff89c0022f
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-05-24 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (13)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-27013 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2278270 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 4.19.313 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 4.19.313" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 5.4.275" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 5.10.216" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 5.15.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 5.15.157" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.1.88" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.6.29" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.8.8" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.35 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.35 < 6.9" | en |
Affected
|