SB2024070453 - Resource management error in Linux kernel net hyperv driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-26820)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d
• https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366
• https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7
• https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c
• https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef
• https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418
• https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135
• https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.310
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.152
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.272
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8