Bug 1218857 (CVE-2024-0584) - VUL-0: CVE-2024-0584: kernel: refcnt uaf issue when receiving igmp query packet in igmp_start_timer
Status: RESOLVED FIXED
Alias: CVE-2024-0584
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/391300/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-0584:6.3:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-16 14:17 UTC by SMASH SMASH
Modified: 2024-01-16 14:18 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-01-16 14:17:45 UTC
A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component of the Linux kernel. In this flaw, a local user may observe a refcnt use-after-free issue when receiving an IGMP query packet, which could lead to a kernel information leak problem.

When the device receives an IGMPv2 Query message, it starts the timer immediately, regardless of whether the device is running. If the device is down and has left the multicast group, it will cause the mc list refcount UAF issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584
https://bugzilla.redhat.com/show_bug.cgi?id=2258584
https://lore.kernel.org/netdev/170083982540.9628.4546899811301303734.git-patchwork-notify@kernel.org/T/
Comment 1 Andrea Mattiazzo 2024-01-16 14:18:18 UTC
Closed since all codestreams are already fixed.