Описание
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_skbmod: Skip non-Ethernet packets
Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2
protocol, which is not always the case. As an example, for CAN devices:
$ ip link add dev vcan0 type vcan
$ ip link set up vcan0
$ tc qdisc add dev vcan0 root handle 1: htb
$ tc filter add dev vcan0 parent 1: protocol ip prio 10
matchall action skbmod swap mac
Doing the above silently corrupts all the packets. Do not perform skbmod
actions for non-Ethernet packets.
A vulnerability was found in the Linux kernel’s act_skbmod module, where the tcf_skbmod_act() function mistakenly assumes all packets use Ethernet as their protocol. This issue can lead to the corruption of non-Ethernet packets, such as those from CAN devices, if skbmod actions are incorrectly applied. This misinterpretation results in unexpected packet manipulation and data corruption.
Отчет
A flaw in the act_skbmod traffic control action caused it to modify non-Ethernet packets without validating the link-layer type, silently corrupting frames on devices such as CAN. The patch adds a guard to skip skbmod actions unless skb->dev->type == ARPHRD_ETHER. This results in a moderate (or low) severity local integrity issue requiring administrative privileges within a (network) namespace to trigger. This vulnerability is classified as moderate severity due to its potential impact on packet integrity. Please note that this fix was incorporated in Red Hat Enterprise Linux 8.10 at the time of its release.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | kernel | Fixed | RHSA-2024:4447 | 10.07.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | kernel | Fixed | RHSA-2024:4447 | 10.07.2024 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | kernel | Fixed | RHSA-2024:4447 | 10.07.2024 |
Показывать по
Дополнительная информация
Статус:
4.2 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.
In the Linux kernel, the following vulnerability has been resolved: n ...
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.
Уязвимость функции tcf_skbmod_act() модуля net/sched/act_skbmod.c подсистемы управления трафиком net/sched ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
4.2 Medium
CVSS3