CVE-2024-56639: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsr_init_skb() to allocate larger skb for RedBox case. Indeed, send_hsr_supervision_frame() will add two additional components (struct hsr_sup_tlv and struct hsr_sup_payload) syzbot reported the following crash: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Code: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> skb_over_panic net/core/skbuff.c:211 [inline] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2423 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 </IRQ>
AI Analysis
Technical Summary
CVE-2024-56639 is a vulnerability identified in the Linux kernel's High-availability Seamless Redundancy (HSR) network protocol implementation. The flaw arises from an insufficient allocation of socket buffer (skb) memory in the hsr_init_skb() function when handling RedBox support. Specifically, the commit that introduced RedBox support failed to adjust the skb allocation size to accommodate two additional components—struct hsr_sup_tlv and struct hsr_sup_payload—added by the send_hsr_supervision_frame() function. This miscalculation leads to an skb buffer overflow condition, which triggers a kernel panic due to skb_over_panic detection. The panic manifests as a BUG in net/core/skbuff.c, causing an invalid opcode exception and system crash. The vulnerability was discovered and reported by syzbot, a kernel fuzzing tool, which triggered the crash during testing. The stack trace shows the panic occurs during the sending of HSR supervision frames, specifically in the hsr_device module. This vulnerability affects Linux kernel versions including the commit 5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5 and likely other versions incorporating the flawed code. No public exploits are known at this time, and no CVSS score has been assigned. The root cause is a programming error in memory allocation size, leading to a denial-of-service condition via kernel panic. Exploitation would require triggering the HSR supervision frame sending path, which is typically used in industrial and high-availability network environments. The vulnerability does not appear to allow privilege escalation or remote code execution directly but can cause system instability and denial of service.
Potential Impact
For European organizations, the impact of CVE-2024-56639 is primarily a denial-of-service (DoS) risk on Linux systems running the affected kernel versions with HSR enabled. HSR is commonly deployed in critical infrastructure sectors such as energy, manufacturing, and transportation, where network redundancy and high availability are essential. A kernel panic induced by this vulnerability could disrupt network communication and system availability, potentially affecting industrial control systems and real-time operations. Given the reliance on Linux in many European data centers and embedded systems, organizations using HSR-enabled Linux kernels could face operational outages. Although no remote exploit is known, attackers or malfunctioning devices on the local network could trigger the flaw, causing service interruptions. This could have cascading effects in sectors with stringent uptime requirements and safety considerations. The vulnerability's impact on confidentiality and integrity is minimal, as it does not directly enable data leakage or unauthorized modification. However, the availability impact is significant in affected environments, especially where HSR is critical for network fault tolerance.
Mitigation Recommendations
To mitigate CVE-2024-56639, European organizations should: 1) Apply the official Linux kernel patches that correct the skb allocation size in the hsr_init_skb() function as soon as they become available from trusted Linux distributions or kernel maintainers. 2) If patching is not immediately possible, consider disabling HSR functionality on affected systems where it is not essential, to prevent triggering the vulnerable code path. 3) Monitor network traffic and logs for unusual HSR supervision frame activity that could indicate attempts to exploit this vulnerability. 4) Implement network segmentation and strict access controls to limit which devices can send HSR frames, reducing the attack surface. 5) Conduct thorough testing of kernel updates in staging environments to ensure stability and compatibility before deployment in production. 6) Maintain up-to-date inventory of Linux kernel versions and configurations to identify systems at risk. 7) Engage with vendors of industrial and embedded Linux systems to confirm patch availability and deployment timelines. These steps go beyond generic advice by focusing on the specific HSR protocol context and operational constraints in industrial and high-availability environments.
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Sweden, Finland, Poland, Spain, United Kingdom
CVE-2024-56639: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsr_init_skb() to allocate larger skb for RedBox case. Indeed, send_hsr_supervision_frame() will add two additional components (struct hsr_sup_tlv and struct hsr_sup_payload) syzbot reported the following crash: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Code: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> skb_over_panic net/core/skbuff.c:211 [inline] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2423 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 </IRQ>
AI-Powered Analysis
Technical Analysis
CVE-2024-56639 is a vulnerability identified in the Linux kernel's High-availability Seamless Redundancy (HSR) network protocol implementation. The flaw arises from an insufficient allocation of socket buffer (skb) memory in the hsr_init_skb() function when handling RedBox support. Specifically, the commit that introduced RedBox support failed to adjust the skb allocation size to accommodate two additional components—struct hsr_sup_tlv and struct hsr_sup_payload—added by the send_hsr_supervision_frame() function. This miscalculation leads to an skb buffer overflow condition, which triggers a kernel panic due to skb_over_panic detection. The panic manifests as a BUG in net/core/skbuff.c, causing an invalid opcode exception and system crash. The vulnerability was discovered and reported by syzbot, a kernel fuzzing tool, which triggered the crash during testing. The stack trace shows the panic occurs during the sending of HSR supervision frames, specifically in the hsr_device module. This vulnerability affects Linux kernel versions including the commit 5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5 and likely other versions incorporating the flawed code. No public exploits are known at this time, and no CVSS score has been assigned. The root cause is a programming error in memory allocation size, leading to a denial-of-service condition via kernel panic. Exploitation would require triggering the HSR supervision frame sending path, which is typically used in industrial and high-availability network environments. The vulnerability does not appear to allow privilege escalation or remote code execution directly but can cause system instability and denial of service.
Potential Impact
For European organizations, the impact of CVE-2024-56639 is primarily a denial-of-service (DoS) risk on Linux systems running the affected kernel versions with HSR enabled. HSR is commonly deployed in critical infrastructure sectors such as energy, manufacturing, and transportation, where network redundancy and high availability are essential. A kernel panic induced by this vulnerability could disrupt network communication and system availability, potentially affecting industrial control systems and real-time operations. Given the reliance on Linux in many European data centers and embedded systems, organizations using HSR-enabled Linux kernels could face operational outages. Although no remote exploit is known, attackers or malfunctioning devices on the local network could trigger the flaw, causing service interruptions. This could have cascading effects in sectors with stringent uptime requirements and safety considerations. The vulnerability's impact on confidentiality and integrity is minimal, as it does not directly enable data leakage or unauthorized modification. However, the availability impact is significant in affected environments, especially where HSR is critical for network fault tolerance.
Mitigation Recommendations
To mitigate CVE-2024-56639, European organizations should: 1) Apply the official Linux kernel patches that correct the skb allocation size in the hsr_init_skb() function as soon as they become available from trusted Linux distributions or kernel maintainers. 2) If patching is not immediately possible, consider disabling HSR functionality on affected systems where it is not essential, to prevent triggering the vulnerable code path. 3) Monitor network traffic and logs for unusual HSR supervision frame activity that could indicate attempts to exploit this vulnerability. 4) Implement network segmentation and strict access controls to limit which devices can send HSR frames, reducing the attack surface. 5) Conduct thorough testing of kernel updates in staging environments to ensure stability and compatibility before deployment in production. 6) Maintain up-to-date inventory of Linux kernel versions and configurations to identify systems at risk. 7) Engage with vendors of industrial and embedded Linux systems to confirm patch availability and deployment timelines. These steps go beyond generic advice by focusing on the specific HSR protocol context and operational constraints in industrial and high-availability environments.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-27T15:00:39.839Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9822c4522896dcbde41b
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 6:27:03 AM
Last updated: 8/14/2025, 6:53:23 PM
Views: 15
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.