PT-2024-21540 · Linux+6 · Linux Kernel+6
Published
2024-03-14
·
Updated
2025-09-29
·
CVE-2024-26863
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.7.0
Description
The issue arises when the packet type ID field in the Ethernet header is either ETH P PRP or ETH P HSR, but it is not followed by an HSR tag. In such cases, the function
hsr get skb sequence nr() reads an invalid value as a sequence number, leading to an uninit-value access issue. This problem is identified by KMSAN and occurs in the hsr get node() function. The patch for this issue involves returning NULL if the Ethernet header is not followed by an HSR tag, thus preventing the invalid read.Recommendations
To resolve this issue, update the Linux kernel to a version that includes the patch for the
hsr get node() function, which returns NULL if the Ethernet header is not followed by an HSR tag. Specifically, for Linux kernel versions prior to 6.7.0, apply the necessary patch or upgrade to a newer version where this fix is included.Exploit
Fix
Use of Uninitialized Resource
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu