vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-38538): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:L/Au:S/C:C/I:N/A:C)	Jun 19, 2024	Aug 9, 2024	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:C)

Published

Jun 19, 2024

Added

Aug 9, 2024

Modified

Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes

syzbot triggered an uninit value[1] error in bridge device's xmit path
by sending a short (less than ETH_HLEN bytes) skb. To fix it check if
we can actually pull that amount instead of assuming.

Tested with dropwatch:
drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)
origin: software
timestamp: Mon May 13 11:31:53 2024 778214037 nsec
protocol: 0x88a8
length: 2
original length: 2
drop reason: PKT_TOO_SMALL

[1]
BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]
netdev_start_xmit include/linux/netdevice.h:4917 [inline]
xmit_one net/core/dev.c:3531 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
__dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341
dev_queue_xmit include/linux/netdevice.h:3091 [inline]
__bpf_tx_skb net/core/filter.c:2136 [inline]
__bpf_redirect_common net/core/filter.c:2180 [inline]
__bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187
____bpf_clone_redirect net/core/filter.c:2460 [inline]
bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432
___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
__bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238
bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
__bpf_prog_run include/linux/filter.h:657 [inline]
bpf_prog_run include/linux/filter.h:664 [inline]
bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425
bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058
bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269
__sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678
__do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
__x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Solutions

ubuntu-upgrade-linux-image-4-15-0-1137-oracleubuntu-upgrade-linux-image-4-15-0-1158-kvmubuntu-upgrade-linux-image-4-15-0-1168-gcpubuntu-upgrade-linux-image-4-15-0-1175-awsubuntu-upgrade-linux-image-4-15-0-1183-azureubuntu-upgrade-linux-image-4-15-0-231-genericubuntu-upgrade-linux-image-4-15-0-231-lowlatencyubuntu-upgrade-linux-image-4-4-0-1138-awsubuntu-upgrade-linux-image-4-4-0-1139-kvmubuntu-upgrade-linux-image-4-4-0-1176-awsubuntu-upgrade-linux-image-4-4-0-261-genericubuntu-upgrade-linux-image-4-4-0-261-lowlatencyubuntu-upgrade-linux-image-5-15-0-1039-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1056-gkeopubuntu-upgrade-linux-image-5-15-0-1066-ibmubuntu-upgrade-linux-image-5-15-0-1066-raspiubuntu-upgrade-linux-image-5-15-0-1068-nvidiaubuntu-upgrade-linux-image-5-15-0-1068-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1070-gkeubuntu-upgrade-linux-image-5-15-0-1070-kvmubuntu-upgrade-linux-image-5-15-0-1071-intel-iotgubuntu-upgrade-linux-image-5-15-0-1071-oracleubuntu-upgrade-linux-image-5-15-0-1072-gcpubuntu-upgrade-linux-image-5-15-0-1073-awsubuntu-upgrade-linux-image-5-15-0-1078-azureubuntu-upgrade-linux-image-5-15-0-127-genericubuntu-upgrade-linux-image-5-15-0-127-generic-64kubuntu-upgrade-linux-image-5-15-0-127-generic-lpaeubuntu-upgrade-linux-image-5-15-0-127-lowlatencyubuntu-upgrade-linux-image-5-15-0-127-lowlatency-64kubuntu-upgrade-linux-image-5-4-0-1045-iotubuntu-upgrade-linux-image-5-4-0-1055-xilinx-zynqmpubuntu-upgrade-linux-image-5-4-0-1083-ibmubuntu-upgrade-linux-image-5-4-0-1096-bluefieldubuntu-upgrade-linux-image-5-4-0-1120-raspiubuntu-upgrade-linux-image-5-4-0-1124-kvmubuntu-upgrade-linux-image-5-4-0-1135-oracleubuntu-upgrade-linux-image-5-4-0-1136-awsubuntu-upgrade-linux-image-5-4-0-1140-gcpubuntu-upgrade-linux-image-5-4-0-1142-azureubuntu-upgrade-linux-image-5-4-0-202-genericubuntu-upgrade-linux-image-5-4-0-202-generic-lpaeubuntu-upgrade-linux-image-5-4-0-202-lowlatencyubuntu-upgrade-linux-image-6-8-0-1008-gkeubuntu-upgrade-linux-image-6-8-0-1009-raspiubuntu-upgrade-linux-image-6-8-0-1010-ibmubuntu-upgrade-linux-image-6-8-0-1010-oemubuntu-upgrade-linux-image-6-8-0-1010-oracleubuntu-upgrade-linux-image-6-8-0-1010-oracle-64kubuntu-upgrade-linux-image-6-8-0-1011-nvidiaubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1012-azureubuntu-upgrade-linux-image-6-8-0-1012-azure-fdeubuntu-upgrade-linux-image-6-8-0-1012-gcpubuntu-upgrade-linux-image-6-8-0-1013-awsubuntu-upgrade-linux-image-6-8-0-40-genericubuntu-upgrade-linux-image-6-8-0-40-generic-64kubuntu-upgrade-linux-image-6-8-0-40-lowlatencyubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-hweubuntu-upgrade-linux-image-aws-lts-18-04ubuntu-upgrade-linux-image-aws-lts-20-04ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-lts-18-04ubuntu-upgrade-linux-image-azure-lts-20-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-bluefieldubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-lts-18-04ubuntu-upgrade-linux-image-gcp-lts-20-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-16-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-generic-lts-xenialubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-20-04ubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-16-04ubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-lts-xenialubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-lts-18-04ubuntu-upgrade-linux-image-oracle-lts-20-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-hwe-18-04ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-16-04ubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-virtual-lts-xenialubuntu-upgrade-linux-image-xilinx-zynqmp

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today