Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-45001): Linux kernel (Azure) vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-45001): Linux kernel (Azure) vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/04/2024
Created
10/18/2024
Added
10/18/2024
Modified
11/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment is affected by the alloc_size passed into napi_build_skb(). The size needs to be aligned properly for better performance and atomic operations. Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic operations may panic on the skb_shinfo(skb)->dataref due to alignment fault. To fix this bug, add proper alignment to the alloc_size calculation. Sample panic info: [ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce [ 253.300900] Mem abort info: [ 253.301760] ESR = 0x0000000096000021 [ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits [ 253.304268] SET = 0, FnV = 0 [ 253.305172] EA = 0, S1PTW = 0 [ 253.306103] FSC = 0x21: alignment fault Call trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0

Solution(s)

  • ubuntu-upgrade-linux-image-5-15-0-1074-azure
  • ubuntu-upgrade-linux-image-5-15-0-1074-azure-fde
  • ubuntu-upgrade-linux-image-6-8-0-1016-azure
  • ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde
  • ubuntu-upgrade-linux-image-6-8-0-1017-azure
  • ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde
  • ubuntu-upgrade-linux-image-6-8-0-1017-nvidia
  • ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k
  • ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-azure-cvm
  • ubuntu-upgrade-linux-image-azure-fde
  • ubuntu-upgrade-linux-image-azure-lts-22-04
  • ubuntu-upgrade-linux-image-nvidia
  • ubuntu-upgrade-linux-image-nvidia-6-8
  • ubuntu-upgrade-linux-image-nvidia-64k
  • ubuntu-upgrade-linux-image-nvidia-64k-6-8
  • ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
  • ubuntu-upgrade-linux-image-nvidia-hwe-22-04
  • ubuntu-upgrade-linux-image-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-nvidia-lowlatency-64k

References

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;