{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-43878",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-08-17T09:11:59.286Z",
        "datePublished": "2024-08-21T00:06:30.412Z",
        "dateUpdated": "2024-09-15T17:54:47.396Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-09-15T17:54:47.396Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix input error path memory access\n\nWhen there is a misconfiguration of input state slow path\nKASAN report error. Fix this error.\nwest login:\n[   52.987278] eth1: renamed from veth11\n[   53.078814] eth1: renamed from veth21\n[   53.181355] eth1: renamed from veth31\n[   54.921702] ==================================================================\n[   54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\n[   54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\n[   54.924169]\n[   54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\n[   54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   54.926401] Call Trace:\n[   54.926731]  <IRQ>\n[   54.927009]  dump_stack_lvl+0x2a/0x3b\n[   54.927478]  kasan_report+0x84/0xa6\n[   54.927930]  ? xfrmi_rcv_cb+0x2d/0x295\n[   54.928410]  xfrmi_rcv_cb+0x2d/0x295\n[   54.928872]  ? xfrm4_rcv_cb+0x3d/0x5e\n[   54.929354]  xfrm4_rcv_cb+0x46/0x5e\n[   54.929804]  xfrm_rcv_cb+0x7e/0xa1\n[   54.930240]  xfrm_input+0x1b3a/0x1b96\n[   54.930715]  ? xfrm_offload+0x41/0x41\n[   54.931182]  ? raw_rcv+0x292/0x292\n[   54.931617]  ? nf_conntrack_confirm+0xa2/0xa2\n[   54.932158]  ? skb_sec_path+0xd/0x3f\n[   54.932610]  ? xfrmi_input+0x90/0xce\n[   54.933066]  xfrm4_esp_rcv+0x33/0x54\n[   54.933521]  ip_protocol_deliver_rcu+0xd7/0x1b2\n[   54.934089]  ip_local_deliver_finish+0x110/0x120\n[   54.934659]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.935248]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.935767]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.936317]  ? secure_tcpv6_ts_off+0x23/0x168\n[   54.936859]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.937454]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.938135]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.938663]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.939220]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.939904]  ? ip_local_deliver_finish+0x120/0x120\n[   54.940497]  __netif_receive_skb_one_core+0xc9/0x107\n[   54.941121]  ? __netif_receive_skb_list_core+0x1c2/0x1c2\n[   54.941771]  ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\n[   54.942413]  ? blk_mq_start_stopped_hw_queue+0x38/0x38\n[   54.943044]  ? virtqueue_get_buf_ctx+0x295/0x46b\n[   54.943618]  process_backlog+0xb3/0x187\n[   54.944102]  __napi_poll.constprop.0+0x57/0x1a7\n[   54.944669]  net_rx_action+0x1cb/0x380\n[   54.945150]  ? __napi_poll.constprop.0+0x1a7/0x1a7\n[   54.945744]  ? vring_new_virtqueue+0x17a/0x17a\n[   54.946300]  ? note_interrupt+0x2cd/0x367\n[   54.946805]  handle_softirqs+0x13c/0x2c9\n[   54.947300]  do_softirq+0x5f/0x7d\n[   54.947727]  </IRQ>\n[   54.948014]  <TASK>\n[   54.948300]  __local_bh_enable_ip+0x48/0x62\n[   54.948832]  __neigh_event_send+0x3fd/0x4ca\n[   54.949361]  neigh_resolve_output+0x1e/0x210\n[   54.949896]  ip_finish_output2+0x4bf/0x4f0\n[   54.950410]  ? __ip_finish_output+0x171/0x1b8\n[   54.950956]  ip_send_skb+0x25/0x57\n[   54.951390]  raw_sendmsg+0xf95/0x10c0\n[   54.951850]  ? check_new_pages+0x45/0x71\n[   54.952343]  ? raw_hash_sk+0x21b/0x21b\n[   54.952815]  ? kernel_init_pages+0x42/0x51\n[   54.953337]  ? prep_new_page+0x44/0x51\n[   54.953811]  ? get_page_from_freelist+0x72b/0x915\n[   54.954390]  ? signal_pending_state+0x77/0x77\n[   54.954936]  ? preempt_count_sub+0x14/0xb3\n[   54.955450]  ? __might_resched+0x8a/0x240\n[   54.955951]  ? __might_sleep+0x25/0xa0\n[   54.956424]  ? first_zones_zonelist+0x2c/0x43\n[   54.956977]  ? __rcu_read_lock+0x2d/0x3a\n[   54.957476]  ? __pte_offset_map+0x32/0xa4\n[   54.957980]  ? __might_resched+0x8a/0x240\n[   54.958483]  ? __might_sleep+0x25/0xa0\n[   54.958963]  ? inet_send_prepare+0x54/0x54\n[   54.959478]  ? sock_sendmsg_nosec+0x42/0x6c\n[   54.960000]  sock_sendmsg_nosec+0x42/0x6c\n[   54.960502]  __sys_sendto+0x15d/0x1cc\n[   54.960966]  ? __x64_sys_getpeername+0x44/0x44\n[   54.961522]  ? __handle_mm_fault+0x679/0xae4\n[   54.962068]  ? find_vma+0x6b/0x\n---truncated---"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/xfrm/xfrm_input.c"
                    ],
                    "versions": [
                        {
                            "version": "304b44f0d5a4",
                            "lessThan": "a4c10813bc39",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "304b44f0d5a4",
                            "lessThan": "54fcc6189dfb",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/xfrm/xfrm_input.c"
                    ],
                    "versions": [
                        {
                            "version": "6.10",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "6.10",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.10.3",
                            "lessThanOrEqual": "6.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.11",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834"
                },
                {
                    "url": "https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d"
                }
            ],
            "title": "xfrm: Fix input error path memory access",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2024-43878",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T16:05:57.570463Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-12T17:33:17.625Z"
                }
            }
        ]
    }
}