5.5
MEDIUM
CVE-2024-26641
"Linux kernel-ip6_tunnel-uninitialized-memory-access vulnerability"
Description

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023

INFO

Published Date :

March 18, 2024, 11:15 a.m.

Last Modified :

March 10, 2025, 4:58 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2024-26641 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-26641 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netapp active_iq_unified_manager
2 Netapp ontap_select_deploy_administration_utility
3 Netapp c190_firmware
4 Netapp a220_firmware
5 Netapp fas2720_firmware
6 Netapp fas2750_firmware
7 Netapp a800_firmware
8 Netapp fas2820_firmware
9 Netapp c190
10 Netapp a220
11 Netapp fas2720
12 Netapp fas2750
13 Netapp a800
14 Netapp fas2820
15 Netapp c800_firmware
16 Netapp c800
17 Netapp a900_firmware
18 Netapp a900
19 Netapp a9500_firmware
20 Netapp a9500
21 Netapp a150_firmware
22 Netapp a150
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 3 | Products : 24
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26641.

URL Resource
https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 Mailing List Patch
https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0 Mailing List Patch
https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080 Mailing List Patch
https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 Mailing List Patch
https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a Mailing List Patch
https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8 Mailing List Patch
https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 Mailing List Patch
https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0 Mailing List Patch
https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080 Mailing List Patch
https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 Mailing List Patch
https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a Mailing List Patch
https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
https://security.netapp.com/advisory/ntap-20241108-0008/ Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
NaInSec/CVE-LIST

Ini adalah repository kumpulan CVE v.5

allcve cve cvelist newcve

Updated: 7 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : March 24, 2024, 3:01 p.m. This repo has been linked 1214 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26641 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26641 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-908
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.149 *cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.7.4 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.16 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.77 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.7 from (excluding) 5.10.210
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a9500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a9500:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*
    Added Reference Type CVE: https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8 Types: Mailing List, Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List
    Added Reference Type CVE: https://security.netapp.com/advisory/ntap-20241108-0008/ Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6
    Added Reference https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0
    Added Reference https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080
    Added Reference https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0
    Added Reference https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a
    Added Reference https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Added Reference https://security.netapp.com/advisory/ntap-20241108-0008/
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 05, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 18, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
    Added Reference kernel.org https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26641 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26641 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: