CVE-2024-26739
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description kernel: net/sched: act_mirred: don't override retval if we already lost the skb CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 9kernel-0:5.14.0-427.37.1.el9_4RHSA-2024:69972024-09-24T00:00:00Z Red Hat Enterprise Linux 9kernel-0:5.14.0-427.37.1.el9_4RHSA-2024:69972024-09-24T00:00:00Z Red Hatβ¦
Description
kernel: net/sched: act_mirred: don't override retval if we already lost the skb
CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.37.1.el9_4 | RHSA-2024:6997 | 2024-09-24T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.37.1.el9_4 | RHSA-2024:6997 | 2024-09-24T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-0:5.14.0-284.75.1.el9_2 | RHSA-2024:4823 | 2024-07-24T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2 | RHSA-2024:4831 | 2024-07-24T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
| Red Hat Enterprise Linux 8 | kernel | Not affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
yum update -y kernel
# or:
dnf upgrade -y kernelAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-64k-devel-matched-5.14.0-427.37.1.el9_4.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.7.7-1 |
| sid | Fixed | 6.7.7-1 |
| forky | Fixed | 6.7.7-1 |
| bullseye | Fixed | 5.10.244-1 |
| bookworm | Fixed | 6.1.137-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2024:6997
- https://www.suse.com/security/cve/CVE-2024-26739.html
- https://security-tracker.debian.org/tracker/CVE-2024-26739
- https://bugzilla.redhat.com/2265271
- https://bugzilla.redhat.com/2273270
- https://bugzilla.redhat.com/2278167
- https://bugzilla.redhat.com/2278245
- https://bugzilla.redhat.com/2278248
- https://bugzilla.redhat.com/2278250
- https://bugzilla.redhat.com/2278252
- https://bugzilla.redhat.com/2278318
- https://bugzilla.redhat.com/2281677
- https://bugzilla.redhat.com/2283894
- https://bugzilla.redhat.com/2284549
- https://bugzilla.redhat.com/2293348
- https://bugzilla.redhat.com/2293364
- https://bugzilla.redhat.com/2293420
- https://bugzilla.redhat.com/2293423
- https://bugzilla.redhat.com/2293431
- https://bugzilla.redhat.com/2293685
- https://bugzilla.redhat.com/2297568
- https://bugzilla.redhat.com/2300448
- https://bugzilla.redhat.com/2301543
- https://errata.almalinux.org/9/ALSA-2024-6997.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.