CVE-2024-26707

Source
https://cve.org/CVERecord?id=CVE-2024-26707
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26707.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26707
Downstream
Published
2024-04-03T14:55:10.262Z
Modified
2026-03-14T12:29:57.182488Z
Summary
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()

Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1].

Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons.

[1]
HSR: Could not send supervision frame
WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
...
Call Trace:
 <IRQ>
 hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382
 call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x764/0xb20 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x21a/0x8de kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
...

This issue is also found in older kernels (at least up to 5.10).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26707.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
121c33b07b3127f501b366bc23d2a590e2f2b8ef
Fixed
0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb
Fixed
de769423b2f053182a41317c4db5a927e90622a0
Fixed
56440799fc4621c279df16176f83a995d056023a
Fixed
923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8
Fixed
547545e50c913861219947ce490c68a1776b9b51
Fixed
37e8c97e539015637cb920d3e6f1e404f707a06e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26707.json"