CVE-2024-26733

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.74

Description: The vulnerability is related to a buffer overflow in the arp req get() function in the Linux kernel. When the ioctl(SIOCGARP) command is issued, the function looks up a neighbor entry and copies the neigh->ha value to the struct arpreq.arp ha.sa data buffer. However, the arp ha buffer is only 14 bytes long, which can lead to a buffer overflow when the dev->addr len is greater than 22. This can cause the arp netmask value to be overwritten, potentially allowing an attacker to gain elevated privileges.

The vulnerability can be exploited by issuing the ioctl(SIOCGARP) command with a specially crafted struct arpreq buffer, which can lead to a buffer overflow and potentially allow an attacker to execute arbitrary code.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, update to a version that includes the commit b5f0de6df6dc ("net: dev: Convert sa data to flexible array in struct sockaddr") or later.

As a temporary workaround, consider disabling the arp req get() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.

Note: The provided information does not include details about the existence of a patch or a fixed version for all affected systems. Therefore, the recommendation to update to a newer version is based on the assumption that such a version exists and is available for the specific system in question.