A recent Linux kernel update resolves a vulnerability (CVE-2024-56372) in the net: tun module. The tun subsystem is widely used on Linux systems, and this vulnerability could have severe consequences if exploited. This post covers the details of the vulnerability, the code fix, and links to the original references.
Vulnerability Details
syzbot reported a bug in the net: tun module of the Linux kernel, specifically in the function tun_napi_alloc_frags(). The function handles the iov components improperly, which results in a malformed skb and can lead to crashes and other issues [1].
The crash details provided by syzbot are as follows [1]:
kernel BUG at net/core/skbuff.c:2849 !
Oops: invalid opcode: 000 [#1] PREEMPT SMP KASAN PTI
CPU: UID: PID: 623 Comm: syz-executor132 Not tainted 6.13.-rc1-syzkaller-00407-g96b6fccee41 #
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
...
Fix
The vulnerability has been addressed by a patch that properly handles all iov components and prevents the creation of a malformed skb. The patch can be viewed here [2]; its commit message reads:
net/tun: fix tun_napi_alloc_frags()
syzbot reported the following crash [1]
Issue came with the blamed commit. Instead of going through
all the iov components, we keep using the first one
and end up with a malformed skb.
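The commit message's point, that sizing every fragment from the first iov component yields a buffer whose claimed length disagrees with what its parts describe, is modelled below as an added example. This is a simplified userspace model, not the kernel's code or the patch; `struct seg`, `struct model_skb`, `build()` and `well_formed()` are hypothetical names, and the segment lengths are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for struct iovec: only the length matters here. */
struct seg { size_t len; };

/* Simplified model of the result: a linear part plus page fragments. */
struct model_skb {
    size_t len;       /* total bytes the packet claims to hold */
    size_t linear;    /* bytes in the linear area (first segment) */
    size_t frag_sum;  /* bytes actually described by the fragments */
};

/* use_first_only = 1 models the bug: every fragment is sized from segs[0]. */
static struct model_skb build(const struct seg *segs, size_t n, int use_first_only)
{
    struct model_skb skb = {0, 0, 0};
    size_t i;

    if (n == 0)
        return skb;
    skb.linear = segs[0].len;
    for (i = 0; i < n; i++)
        skb.len += segs[i].len;
    for (i = 1; i < n; i++) {
        const struct seg *s = use_first_only ? &segs[0] : &segs[i];
        skb.frag_sum += s->len;
    }
    return skb;
}

/* Invariant a well-formed buffer must satisfy: len == linear + fragments. */
static int well_formed(const struct model_skb *skb)
{
    return skb->len == skb->linear + skb->frag_sum;
}

/* Constructed sample: three segments of different sizes. */
static const struct seg sample[] = { {64}, {512}, {128} };

int main(void)
{
    struct model_skb bad = build(sample, 3, 1), good = build(sample, 3, 0);
    printf("first-only: len=%zu described=%zu ok=%d\n",
           bad.len, bad.linear + bad.frag_sum, well_formed(&bad));
    printf("per-segment: len=%zu described=%zu ok=%d\n",
           good.len, good.linear + good.frag_sum, well_formed(&good));
    return 0;
}
```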
Original References
1. syzbot crash report: syzbot kernel BUG report
2. Patch: Linux kernel patch
Exploit Details
As of now, no known public exploits are available for this vulnerability. However, the crash details provided by syzbot reveal that it could lead to a kernel panic or other unexpected behavior, which might be leveraged by an attacker to compromise the system or cause a denial of service. Therefore, it is essential to apply the patch to affected systems as soon as possible.
In conclusion, CVE-2024-56372 is a severe vulnerability in the Linux kernel's net: tun module. The issue has been addressed with a recent patch, and system administrators should apply the update to protect their systems against potential attacks.
Timeline
Published on: 01/11/2025 13:15:28 UTC
Last modified on: 01/20/2025 06:22:20 UTC