漏洞标题
tun: 添加缺失的验证功能,特别是针对短帧
漏洞描述信息
在Linux内核中,已解决以下漏洞:
tun:添加缺失的短帧验证
引用的提交在tun_xdp_one()路径中遗漏了对帧长度有效性的检查,这可能导致损坏的skb在下层发送。在skb发送之前,tun_xdp_one-->eth_type_trans()可能会访问虽然可能小于ETH_HLEN的以太网头部。一旦发送,这可能会导致超出实际长度的越界访问,或者使底层在skb元数据中以不正确或不一致的头部长度混淆。
在替代路径中,tun_get_user()已经禁止了长度小于以太网头部大小的短帧被发送,前提是IFF_TAP。
这就像tun_get_user()所做的那样,丢弃任何短于以太网头部大小的帧。
CVE:CVE-2024-41091
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
漏洞类别
跨界内存读
漏洞标题
tun: add missing verification for short frame
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
tun: add missing verification for short frame
The cited commit missed to check against the validity of the frame length
in the tun_xdp_one() path, which could cause a corrupted skb to be sent
downstack. Even before the skb is transmitted, the
tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
can be less than ETH_HLEN. Once transmitted, this could either cause
out-of-bound access beyond the actual length, or confuse the underlayer
with incorrect or inconsistent header length in the skb metadata.
In the alternative path, tun_get_user() already prohibits short frame which
has the length less than Ethernet header size from being transmitted for
IFF_TAP.
This is to drop any frame shorter than the Ethernet header size just like
how tun_get_user() does.
CVE: CVE-2024-41091
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linux kernel 安全漏洞
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于不正确的输入验证,可能会导致拒绝服务。
CVSS信息
N/A
漏洞类别
其他