1. Home
  2. Vulnerabilities
  3. CVE-2024-27013

CVE-2024-27013

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 2
Advisories 36
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

tun: limit printing rate when illegal packet received by tun dev

vhost_worker will call tun call backs to receive packets. If too many
illegal packets arrives, tun_do_read will keep dumping packet contents.
When console is enabled, it will costs much more cpu time to dump
packet and soft lockup will be detected.

net_ratelimit mechanism can be used to limit the dumping rate.

PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980"
#0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253
#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3
#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e
#3 [fffffe00003fced0] do_nmi at ffffffff8922660d
#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663
[exception RIP: io_serial_in+20]
RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002
RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0
RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f
R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020
R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffffa655314979e8] io_serial_in at ffffffff89792594
#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470
#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6
#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605
#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558
#10 [ffffa65531497ac8] console_unlock at ffffffff89316124
#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07
#12 [ffffa65531497b68] printk at ffffffff89318306
#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765
#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]
#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]
#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]
#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]
#18 [ffffa65531497f10] kthread at ffffffff892d2e72
#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f

Weaknesses
CWE-770
Allocation of Resources Without Limits or Throttling
CVE Status
PUBLISHED
NVD Status
Modified
CNA
kernel.org
Published Date
2024-05-01 06:15:19
(4 months ago)
Updated Date
2024-06-27 12:15:23
(2 months ago)

Affected Products

Fedoraproject

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 2.6.35 version and prior 4.19.313 version cpe:2.3:o:linux:linux_kernel >= 2.6.35 < 4.19.313
  Linux Kernel from 4.20 version and prior 5.4.275 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.275
  Linux Kernel from 5.5 version and prior 5.10.216 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.216
  Linux Kernel from 5.11 version and prior 5.15.157 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.15.157
  Linux Kernel from 5.16 version and prior 6.1.88 version cpe:2.3:o:linux:linux_kernel >= 5.16 < 6.1.88
  Linux Kernel from 6.2 version and prior 6.6.29 version cpe:2.3:o:linux:linux_kernel >= 6.2 < 6.6.29
  Linux Kernel from 6.7 version and prior 6.8.8 version cpe:2.3:o:linux:linux_kernel >= 6.7 < 6.8.8
  Linux Kernel 6.9 Rc1 cpe:2.3:o:linux:linux_kernel:6.9:rc1
  Linux Kernel 6.9 Rc2 cpe:2.3:o:linux:linux_kernel:6.9:rc2
  Linux Kernel 6.9 Rc3 cpe:2.3:o:linux:linux_kernel:6.9:rc3
  Linux Kernel 6.9 Rc4 cpe:2.3:o:linux:linux_kernel:6.9:rc4

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 38 cpe:2.3:o:fedoraproject:fedora:38
  Fedoraproject Fedora 39 cpe:2.3:o:fedoraproject:fedora:39
  Fedoraproject Fedora 40 cpe:2.3:o:fedoraproject:fedora:40