CVE-2024-38586

HIGH

Linux Kernel 5.7-6.9.2 - Out-of-bounds Write in r8169 Tx Packet Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27

Patch

https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd

Patch

https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d

Patch

https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1

Patch

https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6

Patch

https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479

Patch

https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (23)

linux/Kernel 5.11.0 - 5.15.161linux

linux/Kernel 5.16.0 - 6.1.93linux

linux/Kernel 5.7.0 - 5.10.221linux

linux/Kernel 6.2.0 - 6.6.33linux

linux/Kernel 6.7.0 - 6.8.12linux

linux/Kernel 6.9.0 - 6.9.3linux

Linux/Linux < 5.7

Linux/Linux 5.10.221 - 5.10.*

Linux/Linux 5.15.161 - 5.15.*

Linux/Linux 5.7

... and 13 more

Published Jun 19, 2024

Tracked Since Feb 18, 2026