Improper Memory Handling in Linux Kernel's TUN Driver by Google
CVE-2024-56372

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability has been identified in the Linux kernel's TUN driver, where improper memory handling can lead to crashes and unexpected system behavior. The issue arises from the mishandling of input/output vector (iov) components, resulting in the split buffer mechanism pulling an incorrect data segment which manifests as a malformed socket buffer (skb). This flaw can trigger kernel panics if exploited, disrupting services on affected systems. Comprehensive patches have been released to mitigate this risk, and users are advised to update their systems to the latest kernel versions.

Affected Version(s)

Linux de4f5fed3f231a8ff4790bf52975f847b95b85ea

Linux de4f5fed3f231a8ff4790bf52975f847b95b85ea < 4f393ea1e2f9c3b646d00572dd92c48b1869c65f

Linux de4f5fed3f231a8ff4790bf52975f847b95b85ea < 429fde2d81bcef0ebab002215358955704586457

References

https://git.kernel.org/stable/c/efe74dd58a72bd987b158142c...

https://git.kernel.org/stable/c/4f393ea1e2f9c3b646d00572d...

https://git.kernel.org/stable/c/429fde2d81bcef0ebab002215...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025