CVE-2024-40983

MEDIUM · EPSS 21.2%
Published Jul 12, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: force a dst refcount before doing decryption

As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"):

"Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers."

On TIPC decryption path it has the same problem, and skb_dst_force() should be called before doing decryption to avoid a possible crash.

Shuang reported this issue when this warning is triggered:

    [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
    [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
    [] Workqueue: crypto cryptd_queue_worker
    [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
    [] Call Trace:
    [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
    [] tipc_rcv+0xcf5/0x1060 [tipc]
    [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
    [] cryptd_aead_crypt+0xdb/0x190
    [] cryptd_queue_worker+0xed/0x190
    [] process_one_work+0x93d/0x17e0

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
21.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.5 – <5.10.221
linux    linux_kernel   *         ≥5.11 – <5.15.162
linux    linux_kernel   *         ≥5.16 – <6.1.96
linux    linux_kernel   *         ≥6.2 – <6.6.36
linux    linux_kernel   *         ≥6.7 – <6.9.7
linux    linux_kernel   6.10      any
linux    linux_kernel   6.10      any
linux    linux_kernel   6.10      any
linux    linux_kernel   6.10      any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93
    Patch