CVE-2024-38659
Description
In the Linux kernel, the following vulnerability has been resolved:
enic: Validate length of nl attributes in enic_set_vf_port
enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
120- osv-coords116 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_58&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.14.21-150500.55.73.1+ 115 more
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.17.1.150600.12.6.2
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.17.3
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.17.1.150600.12.6.2
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.17.3
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-10.191.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 4.12.14-10.191.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 4.12.14-10.191.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.60.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 4.12.14-16.191.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-122.222.1
- (no CPE)range: < 4.12.14-10.191.1
- (no CPE)range: < 5.14.21-150500.13.61.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 1-8.3.1
Patches
Vulnerability mechanics
References
11- git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7nvdPatch
- git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600nvdPatch
- git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227nvdPatch
- git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5nvdPatch
- git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31nvdPatch
- git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2dnvdPatch
- git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449nvdPatch
- git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9cnvdPatch
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
- lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlnvd
News mentions
0No linked articles in our index yet.