{
  "threat_severity" : "Moderate",
  "public_date" : "2024-10-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: icmp: change the order of rate limits",
    "id" : "2320212",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2320212"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-203",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nicmp: change the order of rate limits\nICMP messages are ratelimited :\nAfter the blamed commits, the two rate limiters are applied in this order:\n1) host wide ratelimit (icmp_global_allow())\n2) Per destination ratelimit (inetpeer based)\nIn order to avoid side-channels attacks, we need to apply\nthe per destination check first.\nThis patch makes the following change :\n1) icmp_global_allow() checks if the host wide limit is reached.\nBut credits are not yet consumed. This is deferred to 3)\n2) The per destination limit is checked/updated.\nThis might add a new node in inetpeer tree.\n3) icmp_global_consume() consumes tokens if prior operations succeeded.\nThis means that host wide ratelimit is still effective\nin keeping inetpeer tree small even under DDOS.\nAs a bonus, I removed icmp_global.lock as the fast path\ncan use a lock-free operation.", "A flaw was found in the Linux kernel related to the order of rate limits for ICMP messages. The sequence in which rate limiters are applied potentially allows a side-channel attack, resulting in information disclosure." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-47678\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47678\nhttps://lore.kernel.org/linux-cve-announce/2024102106-CVE-2024-47678-0b1b@gregkh/T" ],
  "name" : "CVE-2024-47678",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}