Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2024-35890) ELSA-2024-4211: kernel security and bug fix update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: (CVE-2024-35890) ELSA-2024-4211: kernel security and bug fix update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
05/19/2024
Created
07/04/2024
Added
07/03/2024
Modified
07/03/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

gro: fix ownership transfer

If packets are GROed with fraglist they might be segmented later on and

continue their journey in the stack. In skb_segment_list those skbs can

be reused as-is. This is an issue as their destructor was removed in

skb_gro_receive_list but not the reference to their socket, and then

they can't be orphaned. Fix this by also removing the reference to the

socket.

For example this could be observed,

kernel BUG at include/linux/skbuff.h:3131! (skb_orphan)

RIP: 0010:ip6_rcv_core+0x11bc/0x19a0

Call Trace:

ipv6_list_rcv+0x250/0x3f0

__netif_receive_skb_list_core+0x49d/0x8f0

netif_receive_skb_list_internal+0x634/0xd40

napi_complete_done+0x1d2/0x7d0

gro_cell_poll+0x118/0x1f0

A similar construction is found in skb_gro_receive, apply the same

change there.

Solution(s)

  • oracle-linux-upgrade-kernel

References

  • ELSA-2024-4211
  • CVE-2024-35890

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;