PT-2024-33974 · Linux+11 · Linux Kernel+11
Syzbot · Published 2024-11-07 · Updated 2026-05-19 · CVE-2024-50142
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue involves the xfrm subsystem in the Linux kernel. A vulnerability has been fixed where the prefix length of new SAs was not properly validated when the selector family was unset. Syzbot triggered it by creating an SA with usersa.sel.family set to AF_UNSPEC, usersa.sel.prefixlen_s set to 128, and usersa.family set to AF_INET. Because of the AF_UNSPEC selector, the verify_newsa_info function did not put limits on prefixlen_{s,d}, but copy_from_user_state later set x->sel.family to AF_INET. To fix this, the validation in verify_newsa_info was expanded to convert the selector family before validating prefixlen_{s,d}.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xfrm subsystem until a patch is available. Avoid setting usersa.sel.family to AF_UNSPEC in the affected xfrm subsystem until the issue is resolved.
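The validation gap in the description, as a simplified user-space model added here for illustration; it is not kernel source. The struct and function names (model_usersa, verify_before_fix, verify_after_fix, syzbot_like_sa) are hypothetical, the 32 and 128 limits are the IPv4 and IPv6 address sizes in bits, and flag handling is left out.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/socket.h>   /* AF_UNSPEC, AF_INET, AF_INET6 */

/* Simplified stand-ins for the fields the advisory names (not the kernel structs). */
struct model_selector { uint16_t family; uint8_t prefixlen_s, prefixlen_d; };
struct model_usersa   { struct model_selector sel; uint16_t family; };

/* Bound prefixlen_{s,d} by the address size of the given family. */
static int check_prefixlen(uint16_t family, const struct model_selector *sel)
{
    unsigned int max;

    switch (family) {
    case AF_UNSPEC: return 0;            /* no limit applied */
    case AF_INET:   max = 32;  break;
    case AF_INET6:  max = 128; break;
    default:        return -EINVAL;
    }
    return (sel->prefixlen_s > max || sel->prefixlen_d > max) ? -EINVAL : 0;
}

/* Before the fix: validation keyed on the selector family exactly as supplied. */
int verify_before_fix(const struct model_usersa *p)
{
    return check_prefixlen(p->sel.family, &p->sel);
}

/* After the fix: apply the same conversion the later copy step performs
 * (an unset selector family inherits the SA family), then validate. */
int verify_after_fix(const struct model_usersa *p)
{
    uint16_t family = p->sel.family;

    if (family == AF_UNSPEC)
        family = p->family;
    return check_prefixlen(family, &p->sel);
}

/* Constructed input using the values quoted in the description. */
struct model_usersa syzbot_like_sa(void)
{
    struct model_usersa p = { .sel = { .family = AF_UNSPEC, .prefixlen_s = 128 },
                              .family = AF_INET };
    return p;
}
```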
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu