In the Linux kernel, the following vulnerability has been resolved:
xfrm: Fix input error path memory access
When there is a misconfiguration of input state slow path, KASAN reports an error. Fix this error.

west login: [ 52.987278] eth1: renamed from veth11
[ 53.078814] eth1: renamed from veth21
[ 53.181355] eth1: renamed from veth31
[ 54.921702] ==================================================================
[ 54.922602] BUG: KASAN: wild-memory-access in xfrmircvcb+0x2d/0x295
[ 54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512
[ 54.924169]
[ 54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25
[ 54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 54.926401] Call Trace:
[ 54.926731] <IRQ>
[ 54.927009] dumpstacklvl+0x2a/0x3b
[ 54.927478] kasanreport+0x84/0xa6
[ 54.927930] ? xfrmircvcb+0x2d/0x295
[ 54.928410] xfrmircvcb+0x2d/0x295
[ 54.928872] ? xfrm4rcvcb+0x3d/0x5e
[ 54.929354] xfrm4rcvcb+0x46/0x5e
[ 54.929804] xfrmrcvcb+0x7e/0xa1
[ 54.930240] xfrminput+0x1b3a/0x1b96
[ 54.930715] ? xfrmoffload+0x41/0x41
[ 54.931182] ? rawrcv+0x292/0x292
[ 54.931617] ? nfconntrackconfirm+0xa2/0xa2
[ 54.932158] ? skbsecpath+0xd/0x3f
[ 54.932610] ? xfrmiinput+0x90/0xce
[ 54.933066] xfrm4esprcv+0x33/0x54
[ 54.933521] ipprotocoldeliverrcu+0xd7/0x1b2
[ 54.934089] iplocaldeliverfinish+0x110/0x120
[ 54.934659] ? ipprotocoldeliverrcu+0x1b2/0x1b2
[ 54.935248] NFHOOK.constprop.0+0xf8/0x138
[ 54.935767] ? ipsublistrcvfinish+0x68/0x68
[ 54.936317] ? securetcpv6tsoff+0x23/0x168
[ 54.936859] ? ipprotocoldeliverrcu+0x1b2/0x1b2
[ 54.937454] ? __xfrmpolicycheck2.constprop.0+0x18d/0x18d
[ 54.938135] NFHOOK.constprop.0+0xf8/0x138
[ 54.938663] ? ipsublistrcvfinish+0x68/0x68
[ 54.939220] ? __xfrmpolicycheck2.constprop.0+0x18d/0x18d
[ 54.939904] ? iplocaldeliver_finish+0x120/0x120
[ 54.940497] __netifreceiveskbonecore+0xc9/0x107
[ 54.941121] ? __netifreceiveskblistcore+0x1c2/0x1c2
[ 54.941771] ? blkmqstartstoppedhwqueues+0xc7/0xf9
[ 54.942413] ? blkmqstartstoppedhwqueue+0x38/0x38
[ 54.943044] ? virtqueuegetbufctx+0x295/0x46b
[ 54.943618] processbacklog+0xb3/0x187
[ 54.944102] __napipoll.constprop.0+0x57/0x1a7
[ 54.944669] netrx_action+0x1cb/0x380
[ 54.945150] ? __napipoll.constprop.0+0x1a7/0x1a7
[ 54.945744] ? vringnewvirtqueue+0x17a/0x17a
[ 54.946300] ? noteinterrupt+0x2cd/0x367
[ 54.946805] handlesoftirqs+0x13c/0x2c9
[ 54.947300] dosoftirq+0x5f/0x7d
[ 54.947727] </IRQ>
[ 54.948014] <TASK>
[ 54.948300] __localbhenable_ip+0x48/0x62
[ 54.948832] __neigheventsend+0x3fd/0x4ca
[ 54.949361] neighresolveoutput+0x1e/0x210
[ 54.949896] ipfinishoutput2+0x4bf/0x4f0
[ 54.950410] ? __ipfinishoutput+0x171/0x1b8
[ 54.950956] ipsendskb+0x25/0x57
[ 54.951390] rawsendmsg+0xf95/0x10c0
[ 54.951850] ? checknewpages+0x45/0x71
[ 54.952343] ? rawhashsk+0x21b/0x21b
[ 54.952815] ? kernelinitpages+0x42/0x51
[ 54.953337] ? prepnewpage+0x44/0x51
[ 54.953811] ? getpagefromfreelist+0x72b/0x915
[ 54.954390] ? signalpendingstate+0x77/0x77
[ 54.954936] ? preemptcountsub+0x14/0xb3
[ 54.955450] ? __might_resched+0x8a/0x240
[ 54.955951] ? __mightsleep+0x25/0xa0
[ 54.956424] ? firstzones_zonelist+0x2c/0x43
[ 54.956977] ? __rcureadlock+0x2d/0x3a
[ 54.957476] ? __pteoffsetmap+0x32/0xa4
[ 54.957980] ? __might_resched+0x8a/0x240
[ 54.958483] ? __mightsleep+0x25/0xa0
[ 54.958963] ? inetsendprepare+0x54/0x54
[ 54.959478] ? socksendmsgnosec+0x42/0x6c
[ 54.960000] socksendmsg_nosec+0x42/0x6c
[ 54.960502] __sys_sendto+0x15d/0x1cc
[ 54.960966] ? __x64sysgetpeername+0x44/0x44
[ 54.961522] ? _handlemmfault+0x679/0xae4
[ 54.962068] ? findvma+0x6b/0x ---truncated---
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43878.json",
"cna_assigner": "Linux"
}