Ubuntu: (Multiple Advisories) (CVE-2024-46766): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-46766): Linux kernel vulnerabilities

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

09/18/2024

Created

12/14/2024

Added

12/13/2024

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset. This creates the need to take the rtnl_lock just for a single function and complicates the synchronization with .ndo_bpf. At the same time, there no actual need to fill napi-to-queue information at this exact point. Fill napi-to-queue information when opening the VSI and clear it when the VSI is being closed. Those routines are already rtnl-locked. Also, rewrite napi-to-queue assignment in a way that prevents inclusion of XDP queues, as this leads to out-of-bounds writes, such as one below. [+0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0 [+0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047 [+0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2 [+0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021 [+0.000003] Call Trace: [+0.000003]<TASK> [+0.000002]dump_stack_lvl+0x60/0x80 [+0.000007]print_report+0xce/0x630 [+0.000007]? __pfx__raw_spin_lock_irqsave+0x10/0x10 [+0.000007]? __virt_addr_valid+0x1c9/0x2c0 [+0.000005]? netif_queue_set_napi+0x1c2/0x1e0 [+0.000003]kasan_report+0xe9/0x120 [+0.000004]? netif_queue_set_napi+0x1c2/0x1e0 [+0.000004]netif_queue_set_napi+0x1c2/0x1e0 [+0.000005]ice_vsi_close+0x161/0x670 [ice] [+0.000114]ice_dis_vsi+0x22f/0x270 [ice] [+0.000095]ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice] [+0.000086]ice_prepare_for_reset+0x299/0x750 [ice] [+0.000087]pci_dev_save_and_disable+0x82/0xd0 [+0.000006]pci_reset_function+0x12d/0x230 [+0.000004]reset_store+0xa0/0x100 [+0.000006]? __pfx_reset_store+0x10/0x10 [+0.000002]? __pfx_mutex_lock+0x10/0x10 [+0.000004]? __check_object_size+0x4c1/0x640 [+0.000007]kernfs_fop_write_iter+0x30b/0x4a0 [+0.000006]vfs_write+0x5d6/0xdf0 [+0.000005]? fd_install+0x180/0x350 [+0.000005]? __pfx_vfs_write+0x10/0xA10 [+0.000004]? do_fcntl+0x52c/0xcd0 [+0.000004]? kasan_save_track+0x13/0x60 [+0.000003]? kasan_save_free_info+0x37/0x60 [+0.000006]ksys_write+0xfa/0x1d0 [+0.000003]? __pfx_ksys_write+0x10/0x10 [+0.000002]? __x64_sys_fcntl+0x121/0x180 [+0.000004]? _raw_spin_lock+0x87/0xe0 [+0.000005]do_syscall_64+0x80/0x170 [+0.000007]? _raw_spin_lock+0x87/0xe0 [+0.000004]? __pfx__raw_spin_lock+0x10/0x10 [+0.000003]? file_close_fd_locked+0x167/0x230 [+0.000005]? syscall_exit_to_user_mode+0x7d/0x220 [+0.000005]? do_syscall_64+0x8c/0x170 [+0.000004]? do_syscall_64+0x8c/0x170 [+0.000003]? do_syscall_64+0x8c/0x170 [+0.000003]? fput+0x1a/0x2c0 [+0.000004]? filp_close+0x19/0x30 [+0.000004]? do_dup2+0x25a/0x4c0 [+0.000004]? __x64_sys_dup2+0x6e/0x2e0 [+0.000002]? syscall_exit_to_user_mode+0x7d/0x220 [+0.000004]? do_syscall_64+0x8c/0x170 [+0.000003]? __count_memcg_events+0x113/0x380 [+0.000005]? handle_mm_fault+0x136/0x820 [+0.000005]? do_user_addr_fault+0x444/0xa80 [+0.000004]? clear_bhb_loop+0x25/0x80 [+0.000004]? clear_bhb_loop+0x25/0x80 [+0.000002]entry_SYSCALL_64_after_hwframe+0x76/0x7e [+0.000005] RIP: 0033:0x7f2033593154

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1002-gkeop
• ubuntu-upgrade-linux-image-6-8-0-1015-gke
• ubuntu-upgrade-linux-image-6-8-0-1016-raspi
• ubuntu-upgrade-linux-image-6-8-0-1017-ibm
• ubuntu-upgrade-linux-image-6-8-0-1017-oracle
• ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1018-oem
• ubuntu-upgrade-linux-image-6-8-0-1019-gcp
• ubuntu-upgrade-linux-image-6-8-0-1019-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-1020-aws
• ubuntu-upgrade-linux-image-6-8-0-1020-azure
• ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-50-generic
• ubuntu-upgrade-linux-image-6-8-0-50-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-50-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-22-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-gkeop
• ubuntu-upgrade-linux-image-gkeop-6-8
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-24-04
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-6-8
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-nvidia-64k-6-8
• ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
• ubuntu-upgrade-linux-image-nvidia-hwe-22-04
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-oem-22-04
• ubuntu-upgrade-linux-image-oem-22-04a
• ubuntu-upgrade-linux-image-oem-22-04b
• ubuntu-upgrade-linux-image-oem-22-04c
• ubuntu-upgrade-linux-image-oem-22-04d
• ubuntu-upgrade-linux-image-oem-24-04
• ubuntu-upgrade-linux-image-oem-24-04a
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-22-04
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-46766
• CVE - 2024-46766
• USN-7154-1
• USN-7154-2
• USN-7155-1
• USN-7156-1
• USN-7196-1