Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-26613

Опубликовано: 29 фев. 2024
Источник: redhat
CVSS3: 3.3

Описание

[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv The Linux kernel CVE team has assigned CVE-2024-26613 to this issue.

Отчет

This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/20240312134338.1516998-2-lee@kernel.org/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2269199kernel: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

3.3 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-26613

nvd
больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

github логотип

GHSA-6f5g-233w-v625

github
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Syzcaller UBSAN crash occurs in rds_cmsg_recv(), which reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1), but with array size of 4 (RDS_RX_MAX_TRACES). Here 'j' is assigned from rs->rs_rx_trace[i] and in-turn from trace.rx_trace_pos[i] in rds_recv_track_latency(), with both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the off-by-one bounds check in rds_recv_track_latency() to prevent a potential crash in rds_cmsg_recv(). Found by syzcaller: ================================================================= UBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39 index 4 is out of range for type 'u64 [4]' CPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x136/0...

fstec логотип

BDU:2024-04144

CVSS3: 9.1
fstec
больше 1 года назад

Уязвимость функции rds_recv_track_latency() в модуле net/rds/af_rds.c реализации протокола RDS (Reliable Datagram Sockets) ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации

redos логотип

ROS-20240821-02

CVSS3: 9.8
redos
10 месяцев назад

Множественные уязвимости kernel-lt

3.3 Low

CVSS3