{ "threat_severity" : "Low", "public_date" : "2024-04-17T00:00:00Z", "bugzilla" : { "description" : "kernel: wireguard: receive: annotate data-race around receiving_counter.counter", "id" : "2275729", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275729" }, "cvss3" : { "cvss3_base_score" : "4.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-362", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwireguard: receive: annotate data-race around receiving_counter.counter\nSyzkaller with KCSAN identified a data-race issue when accessing\nkeypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()\nannotations to mark the data race as intentional.\nBUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll\nwrite to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:\ncounter_validate drivers/net/wireguard/receive.c:321 [inline]\nwg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461\n__napi_poll+0x60/0x3b0 net/core/dev.c:6536\nnapi_poll net/core/dev.c:6605 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6738\n__do_softirq+0xc4/0x279 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]\nwg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499\nprocess_one_work kernel/workqueue.c:2633 [inline]\n...\nread to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:\ndecrypt_packet drivers/net/wireguard/receive.c:252 [inline]\nwg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501\nprocess_one_work kernel/workqueue.c:2633 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706\nworker_thread+0x525/0x730 kernel/workqueue.c:2787\n..." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26861\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26861\nhttps://lore.kernel.org/linux-cve-announce/2024041736-CVE-2024-26861-3a78@gregkh/T" ], "name" : "CVE-2024-26861", "csaw" : false }