CVE-2024-38586

2024-06-1914:15:18

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability fix

r8169

rtl8125b

ring buffer

fragmented packets

transmit ring buffer

dma_unmap_single

rtl8169_start_xmit

nr_frags

padding

AI Score

6.8

Confidence

High

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved:

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

An issue was found on the RTL8125b when transmitting small fragmented
packets, whereby invalid entries were inserted into the transmit ring
buffer, subsequently leading to calls to dma_unmap_single() with a null
address.

This was caused by rtl8169_start_xmit() not noticing changes to nr_frags
which may occur when small packets are padded (to work around hardware
quirks) in rtl8169_tso_csum_v2().

To fix this, postpone inspecting nr_frags until after any padding has been
applied.

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.7–5.10.221

linuxlinux_kernelRange5.11.0–5.15.161

linuxlinux_kernelRange5.16.0–6.1.93

linuxlinux_kernelRange6.2.0–6.6.33

linuxlinux_kernelRange6.7.0–6.8.12

linuxlinux_kernelRange6.9.0–6.9.3

linuxlinux_kernelRange6.10.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/realtek/r8169_main.c"
    ],
    "versions": [
      {
        "version": "9020845fb5d6",
        "lessThan": "61c1c98e2607",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "b6d21cf40de1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "0c48185a9530",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "68222d7b4b72",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "078d5b7500d7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "54e7a0d11124",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9020845fb5d6",
        "lessThan": "c71e3a5cffd5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/realtek/r8169_main.c"
    ],
    "versions": [
      {
        "version": "5.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.161",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.93",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.12",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.3",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]