{
"threat_severity" : "Moderate",
"public_date" : "2024-04-03T00:00:00Z",
"bugzilla" : {
"description" : "kernel: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()",
"id" : "2273168",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2273168"
},
"cvss3" : {
"cvss3_base_score" : "0.0",
"cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"status" : "verified"
},
"details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()\nSyzkaller reported [1] hitting a warning after failing to allocate\nresources for skb in hsr_init_skb(). Since a WARN_ONCE() call will\nnot help much in this case, it might be prudent to switch to\nnetdev_warn_once(). At the very least it will suppress syzkaller\nreports such as [1].\nJust in case, use netdev_warn_once() in send_prp_supervision_frame()\nfor similar reasons.\n[1]\nHSR: Could not send supervision frame\nWARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\nRIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\n...\nCall Trace:\n\nhsr_announce+0x114/0x370 net/hsr/hsr_device.c:382\ncall_timer_fn+0x193/0x590 kernel/time/timer.c:1700\nexpire_timers kernel/time/timer.c:1751 [inline]\n__run_timers+0x764/0xb20 kernel/time/timer.c:2022\nrun_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035\n__do_softirq+0x21a/0x8de kernel/softirq.c:553\ninvoke_softirq kernel/softirq.c:427 [inline]\n__irq_exit_rcu kernel/softirq.c:632 [inline]\nirq_exit_rcu+0xb7/0x120 kernel/softirq.c:644\nsysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076\n\n\nasm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649\n...\nThis issue is also found in older kernels (at least up to 5.10).", "A vulnerability in the Linux kernel affects the High-availability Seamless Redundancy (HSR) protocol. The issue was identified when a warning (WARN_ONCE()) was triggered due to failed resource allocation for skb in the hsr_init_skb() function. The WARN_ONCE() was initially used to log this failure, but it was not deemed helpful in resolving it. Instead, the kernel maintainers switched to using netdev_warn_once() to better handle the failure and avoid excessive warning reports." ],
"statement" : "This vulnerability, though not Critical, can cause issues in network-related functions, particularly in HSR where frames need to be supervised and announced.",
"affected_release" : [ {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2024-11-12T00:00:00Z",
"advisory" : "RHSA-2024:9315",
"cpe" : "cpe:/a:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-503.11.1.el9_5"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2024-11-12T00:00:00Z",
"advisory" : "RHSA-2024:9315",
"cpe" : "cpe:/o:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-503.11.1.el9_5"
} ],
"package_state" : [ {
"product_name" : "Red Hat Enterprise Linux 6",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:6"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Not affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"fix_state" : "Affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:9"
} ],
"references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26707\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26707\nhttps://lore.kernel.org/linux-cve-announce/2024040341-CVE-2024-26707-1153@gregkh/T" ],
"name" : "CVE-2024-26707",
"csaw" : false
}