PT-2024-3388 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-01-19

·

Updated

2025-03-10

·

CVE-2024-26636

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0
Description: A vulnerability in the Linux kernel's llc ui sendmsg() function allows an attacker to cause a denial of service. The issue occurs when the function releases the socket lock before calling sock alloc send skb(), and then reacquires it without redoing the sanity checks. This can lead to a kernel BUG at net/core/skbuff.c:193. The vulnerability can be exploited by syzbot, which can trick llc ui sendmsg() into allocating an skb with no headroom and then trying to push 14 bytes of Ethernet header.
Recommendations: To resolve this issue, update the Linux kernel to version 6.7.0 or later, which includes the fix for this vulnerability. The fix uses LL RESERVED SPACE() to reserve space, checks all conditions again after the socket lock is held, and does not account for the Ethernet header in mtu limitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

BDU:2024-03660
CVE-2024-26636
DLA-3840-1
DLA-3842-1
DSA-5681-1
OESA-2024-1566
OESA-2024-1567
OESA-2024-1568
OESA-2024-1647
OESA-2024-1648
OESA-2024-1649
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2493-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6765-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6767-1
USN-6767-2
USN-6795-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6828-1
USN-7121-1
USN-7121-2
USN-7121-3
USN-7148-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu