Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms ---truncated---

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 36 products from linux, from debian, from netapp and 33 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-03-18T11:15:09.867

Last Modified

2025-04-04T14:49:01.373

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.19.306	Yes
Operating System	linux	linux_kernel	< 5.4.268	Yes
Operating System	linux	linux_kernel	< 5.10.209	Yes
Operating System	linux	linux_kernel	< 5.15.148	Yes
Operating System	linux	linux_kernel	< 6.1.75	Yes
Operating System	linux	linux_kernel	< 6.6.14	Yes
Operating System	linux	linux_kernel	< 6.7.2	Yes
Operating System	debian	debian_linux	10.0	Yes
Application	netapp	ontap_select_deploy_administration_utility	-	Yes
Application	netapp	ontap_tools	9	Yes
Operating System	netapp	a1k_firmware	-	Yes
Hardware	netapp	a1k	*	No
Operating System	netapp	a70_firmware	-	Yes
Hardware	netapp	a70	*	No
Operating System	netapp	a90_firmware	-	Yes
Hardware	netapp	a90	*	No
Operating System	netapp	a800_firmware	-	Yes
Hardware	netapp	a800	*	No
Operating System	netapp	c800_firmware	-	Yes
Hardware	netapp	c800	*	No
Operating System	netapp	a900_firmware	-	Yes
Hardware	netapp	a900	*	No
Operating System	netapp	9500_firmware	-	Yes
Hardware	netapp	9500	*	No
Operating System	netapp	c190_firmware	-	Yes
Hardware	netapp	c190	*	No
Operating System	netapp	a150_firmware	-	Yes
Hardware	netapp	a150	*	No
Operating System	netapp	a220_firmware	-	Yes
Hardware	netapp	a220	*	No
Operating System	netapp	fas2720_firmware	-	Yes
Hardware	netapp	fas2720	*	No
Operating System	netapp	fas2750_firmware	-	Yes
Hardware	netapp	fas2750	*	No
Operating System	netapp	fas2820_firmware	-	Yes
Hardware	netapp	fas2820	*	No
Operating System	netapp	h610c_firmware	-	Yes
Hardware	netapp	h610c	*	No
Operating System	netapp	h610s_firmware	-	Yes
Hardware	netapp	h610s	*	No
Operating System	netapp	h615c_firmware	-	Yes
Hardware	netapp	h615c	*	No

References

https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241220-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.