Bug 1218857 (CVE-2024-0584)

Summary: VUL-0: CVE-2024-0584: kernel: refcnt uaf issue when receiving igmp query packet in igmp_start_timer
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: andrea.mattiazzo
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/391300/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-0584:6.3:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-01-16 14:17:45 UTC 
A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in network sub-component in the Linux Kernel. In this flaw a local user may observe a refcnt use after free issue when receiving igmp query packet, and could lead to a kernel information leak problem.

When the device receives an IGMPv2 Query message, it starts the timer immediately, regardless of whether the device is running. If the device is down and has left the multicast group, it will cause the mc list refcount uaf issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584
https://bugzilla.redhat.com/show_bug.cgi?id=2258584
https://lore.kernel.org/netdev/170083982540.9628.4546899811301303734.git-patchwork-notify@kernel.org/T/
Comment 1 Andrea Mattiazzo 2024-01-16 14:18:18 UTC 
Closed since all codestream are already fixed.