Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26733

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 55 products from linux, from debian, from netapp and 52 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-04-03T17:15:51.040

Last Modified

2025-03-17T16:02:47.887

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.10.211	Yes
Operating System	linux	linux_kernel	< 5.15.150	Yes
Operating System	linux	linux_kernel	< 6.1.80	Yes
Operating System	linux	linux_kernel	< 6.6.19	Yes
Operating System	linux	linux_kernel	< 6.7.7	Yes
Operating System	linux	linux_kernel	5.10.211	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	netapp	a1k_firmware	-	Yes
Hardware	netapp	a1k	*	No
Operating System	netapp	a70_firmware	-	Yes
Hardware	netapp	a70	*	No
Operating System	netapp	a90_firmware	-	Yes
Hardware	netapp	a90	*	No
Operating System	netapp	a700s_firmware	-	Yes
Hardware	netapp	a700s	*	No
Operating System	netapp	8300_firmware	-	Yes
Hardware	netapp	8300	*	No
Operating System	netapp	8700_firmware	-	Yes
Hardware	netapp	8700	*	No
Operating System	netapp	a400_firmware	-	Yes
Hardware	netapp	a400	*	No
Operating System	netapp	c400_firmware	-	Yes
Hardware	netapp	c400	*	No
Operating System	netapp	a320_firmware	-	Yes
Hardware	netapp	a320	*	No
Operating System	netapp	a800_firmware	-	Yes
Hardware	netapp	a800	*	No
Operating System	netapp	c800_firmware	-	Yes
Hardware	netapp	c800	*	No
Operating System	netapp	a900_firmware	-	Yes
Hardware	netapp	a900	*	No
Operating System	netapp	9500_firmware	-	Yes
Hardware	netapp	9500	*	No
Operating System	netapp	c190_firmware	-	Yes
Hardware	netapp	c190	*	No
Operating System	netapp	a150_firmware	-	Yes
Hardware	netapp	a150	*	No
Operating System	netapp	a220_firmware	-	Yes
Hardware	netapp	a220	*	No
Operating System	netapp	fas2720_firmware	-	Yes
Hardware	netapp	fas2720	*	No
Operating System	netapp	fas2750_firmware	-	Yes
Hardware	netapp	fas2750	*	No
Operating System	netapp	fas2820_firmware	-	Yes
Hardware	netapp	fas2820	*	No
Operating System	netapp	a300_firmware	-	Yes
Hardware	netapp	a300	*	No
Operating System	netapp	8200_firmware	-	Yes
Hardware	netapp	8200	*	No
Operating System	netapp	a700_firmware	-	Yes
Hardware	netapp	a700	*	No
Operating System	netapp	9000_firmware	-	Yes
Hardware	netapp	9000	*	No
Operating System	netapp	h610c_firmware	-	Yes
Hardware	netapp	h610c	*	No
Operating System	netapp	h610s_firmware	-	Yes
Hardware	netapp	h610s	*	No
Operating System	netapp	h615c_firmware	-	Yes
Hardware	netapp	h615c	*	No
Application	netapp	e-series_santricity_os_controller	≤ 11.70.2	Yes

References

https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241101-0013/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.