CVE-2024-43817

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The vulnerability is related to a missing check in the virtio net hdr to skb() function, which allowed syzbot to crash kernels again. The issue occurs after the skb segment function, where the buffer may become non-linear, and the SKBTX SHARED FRAG flag is not set, causing the skb linearize function to not be executed. This leads to a condition where offset >= skb headlen(skb) becomes true, triggering a WARN ON ONCE in skb checksum help. Additionally, the struct sk buff and struct virtio net hdr members must be mathematically related, with gso size and remainder being greater than needed to avoid WARN ON ONCE. The vulnerability was found by the Linux Verification Center (linuxtesting.org) with Syzkaller.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the virtio net hdr to skb() function until a patch is available. Restrict access to the vulnerable skb segment function to minimize the risk of exploitation. Avoid using the offset and skb headlen(skb) variables in the affected API endpoint until the issue is resolved.