CVE-2024-57901

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, specifically in the af packet module. The issue was caused by a forgotten case for MSG PEEK in the vlan get protocol dgram() function, allowing a crash to occur. The function has been reworked to not touch the skb at all, making it usable from multiple CPUs on the same skb. A const qualifier has been added to the skb argument. The vulnerability was discovered by syzbot and is related to a kernel bug that causes a crash when the skb under panic function is called.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the vlan get protocol dgram() function until a patch is available. Restrict access to the vulnerable module af packet to minimize the risk of exploitation. Avoid using the MSG PEEK flag in the affected API endpoint until the issue is resolved.