In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: Fix missing reserved tailroom
Use rbi->len instead of rcd->len for non-dataring packet.
Found issue: XDPWARN: xdpupdateframefrombuff(line:278): Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdpwarn+0xf/0x20 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1 RIP: 0010:xdpwarn+0xf/0x20 ... ? xdpwarn+0xf/0x20 xdpdoredirect+0x15f/0x1c0 vmxnet3runxdp+0x17a/0x400 [vmxnet3] vmxnet3processxdp+0xe4/0x760 [vmxnet3] ? vmxnet3tqtxcomplete.isra.0+0x21e/0x2c0 [vmxnet3] vmxnet3rqrxcomplete+0x7ad/0x1120 [vmxnet3] vmxnet3pollrxonly+0x2d/0xa0 [vmxnet3] _napipoll+0x20/0x180 netrx_action+0x177/0x390
{ "vanir_signatures": [ { "digest": { "length": 1083.0, "function_hash": "173777562618218039580228745292539384092" }, "target": { "function": "vmxnet3_process_xdp", "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c8505ecc2d15473d679b8e06335434b84fffe86", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-03272540" }, { "digest": { "line_hashes": [ "6142491038498206026031180067697686429", "153545933236804088015045045332860412246", "224471553524810319078508650780300767263", "72765255729204487399732749099229256972", "232815485177865679755765008499269140445", "60671797866055309589710151997422087462", "251074350224018175765989094501062250261", "193448402542829345301752517836816430767" ], "threshold": 0.9 }, "target": { "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba8659caf88017507419feea06069f529329ea6", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-06577616" }, { "digest": { "line_hashes": [ "6142491038498206026031180067697686429", "153545933236804088015045045332860412246", "224471553524810319078508650780300767263", "72765255729204487399732749099229256972", "232815485177865679755765008499269140445", "60671797866055309589710151997422087462", "251074350224018175765989094501062250261", "193448402542829345301752517836816430767" ], "threshold": 0.9 }, "target": { "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e127ce7699c1e05279ee5ee61f00893e7bfa9671", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-756e39ba" }, { "digest": { "length": 1083.0, "function_hash": "173777562618218039580228745292539384092" }, "target": { "function": "vmxnet3_process_xdp", "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e127ce7699c1e05279ee5ee61f00893e7bfa9671", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-ad0eb49b" }, { "digest": { "line_hashes": [ "6142491038498206026031180067697686429", "153545933236804088015045045332860412246", "224471553524810319078508650780300767263", "72765255729204487399732749099229256972", "232815485177865679755765008499269140445", "60671797866055309589710151997422087462", "251074350224018175765989094501062250261", "193448402542829345301752517836816430767" ], "threshold": 0.9 }, "target": { "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c8505ecc2d15473d679b8e06335434b84fffe86", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-b117250a" }, { "digest": { "length": 1083.0, "function_hash": "173777562618218039580228745292539384092" }, "target": { "function": "vmxnet3_process_xdp", "file": "drivers/net/vmxnet3/vmxnet3_xdp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba8659caf88017507419feea06069f529329ea6", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27026-e8430dbb" } ] }