{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-42321",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-07-30T07:40:12.279Z",
        "datePublished": "2024-08-17T09:09:33.505Z",
        "dateUpdated": "2024-09-15T17:53:33.262Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-09-15T17:53:33.262Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 (\"net: add and use __skb_get_hash_symmetric_net\")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/core/flow_dissector.c"
                    ],
                    "versions": [
                        {
                            "version": "9b52e3f267a6",
                            "lessThan": "eb03d9826aa6",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "9b52e3f267a6",
                            "lessThan": "4afbac11f2f6",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "9b52e3f267a6",
                            "lessThan": "c5d21aabf1b3",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "9b52e3f267a6",
                            "lessThan": "120f1c857a73",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/core/flow_dissector.c"
                    ],
                    "versions": [
                        {
                            "version": "5.2",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.2",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.1.103",
                            "lessThanOrEqual": "6.1.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.44",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.10.3",
                            "lessThanOrEqual": "6.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.11",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035"
                },
                {
                    "url": "https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107"
                },
                {
                    "url": "https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0"
                },
                {
                    "url": "https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b"
                }
            ],
            "title": "net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2024-42321",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T16:09:25.850374Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-12T17:33:25.817Z"
                }
            }
        ]
    }
}