CVE-2024-33621: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

Published Jun 21, 2024

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

Raw packet from PF_PACKET socket on top of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.

WARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70
Modules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper
CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:sk_mc_loop+0x2d/0x70
Code: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c
RSP: 0018:ffffa9584015cd78 EFLAGS: 00010212
RAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001
RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000
RBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00
R10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000
R13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000
FS: 0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
 ? __warn (kernel/panic.c:693)
 ? sk_mc_loop (net/core/sock.c:760)
 ? report_bug (lib/bug.c:201 lib/bug.c:219)
 ? handle_bug (arch/x86/kernel/traps.c:239)
 ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
 ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)
 ? sk_mc_loop (net/core/sock.c:760)
 ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))
 ? nf_hook_slow (net/netfilter/core.c:626)
 ip6_finish_output (net/ipv6/ip6_output.c:222)
 ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)
 ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan
 ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan
 dev_hard_start_xmit (net/core/dev.c:3594)
 sch_direct_xmit (net/sched/sch_generic.c:343)
 __qdisc_run (net/sched/sch_generic.c:416)
 net_tx_action (net/core/dev.c:5286)
 handle_softirqs (kernel/softirq.c:555)
 __irq_exit_rcu (kernel/softirq.c:589)
 sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)

The warning triggers as this:
packet_sendmsg
  packet_snd //skb->sk is packet sk
    __dev_queue_xmit
      __dev_xmit_skb //q->enqueue is not NULL
        __qdisc_run
          sch_direct_xmit
            dev_hard_start_xmit
              ipvlan_start_xmit
                ipvlan_xmit_mode_l3 //l3 mode
                  ipvlan_process_outbound //vepa flag
                    ipvlan_process_v6_outbound
                      ip6_local_out
                        __ip6_finish_output
                          ip6_finish_output2 //multicast packet
                            sk_mc_loop //sk->sk_family is AF_PACKET

Call ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this.
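To check collected kernel logs for this specific splat, the following added example (not part of the advisory or the kernel source) matches a WARN raised in sk_mc_loop() whose reliable stack frames pass through the ipvlan transmit path. The function names `reliable_frames` and `find_ipvlan_sk_mc_loop_warnings` and the sample log are constructed for illustration; the first sample splat is abridged from the trace quoted above.

```python
import re

# Source line numbers and offsets differ per build, so match on function names only.
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: \d+ at \S+ (?P<func>\w+)\+0x")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")     # dmesg timestamp prefix
RELEASE_RE = re.compile(r"Comm: .* (\S+) #\d+")    # kernel release on the CPU/Comm line
IPVLAN_XMIT = {"ipvlan_start_xmit", "ipvlan_xmit_mode_l3"}

def reliable_frames(lines):
    """Function names from the Call Trace, skipping '? ' (unreliable) frames."""
    frames, in_trace = [], False
    for line in lines:
        line = line.strip()
        if line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("---[ end trace"):
            break
        elif in_trace and line and not line.startswith(("<", "? ")):
            frames.append(re.split(r"[+ ]", line, maxsplit=1)[0])
    return frames

def find_ipvlan_sk_mc_loop_warnings(log_text):
    """Return one dict per WARN splat raised in sk_mc_loop() on the ipvlan xmit path."""
    lines = [STAMP_RE.sub("", ln) for ln in log_text.splitlines()]
    starts = [i for i, ln in enumerate(lines) if WARN_RE.search(ln)]
    hits = []
    for start, end in zip(starts, starts[1:] + [len(lines)]):
        block = lines[start:end]
        via = [f for f in reliable_frames(block) if f in IPVLAN_XMIT]
        if WARN_RE.search(block[0]).group("func") != "sk_mc_loop" or not via:
            continue  # "ipvlan" under "Modules linked in" alone is not evidence
        release = next((m.group(1) for ln in block if (m := RELEASE_RE.search(ln))), None)
        hits.append({"release": release, "via": via})
    return hits

# Constructed sample: the first splat is abridged from the trace above; the second
# is made up and has ipvlan only as a loaded module and an unreliable frame.
SAMPLE_LOG = """\
[  101.000001] WARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70
[  101.000002] CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279
[  101.000003] Call Trace:
[  101.000004]  ? sk_mc_loop (net/core/sock.c:760)
[  101.000005]  ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan
[  101.000006]  ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan
[  101.000007] ---[ end trace 0000000000000000 ]---
[  250.000001] WARNING: CPU: 1 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70
[  250.000002] Modules linked in: ipvlan
[  250.000003] Call Trace:
[  250.000004]  ? ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan
"""
```

Because the check is a WARN_ON_ONCE(), an affected kernel logs this splat at most once per boot, so an empty result does not show that a host is patched.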

Other sources

The Linux kernel CVE team has assigned CVE-2024-33621 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-33621-d3a6@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by a flaw with using skb->sk in ipvlan_process_v{4,6}_outbound. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

IBM

Affected Software

21 affected components; fixes available

redhat/kernel < 4.19.316 (fixed in 4.19.316)
redhat/kernel < 5.4.278 (fixed in 5.4.278)
redhat/kernel < 5.10.219 (fixed in 5.10.219)
redhat/kernel < 5.15.161 (fixed in 5.15.161)
redhat/kernel < 6.1.93 (fixed in 6.1.93)
redhat/kernel < 6.6.33 (fixed in 6.6.33)
redhat/kernel < 6.9.4 (fixed in 6.9.4)
redhat/kernel < 6.10 (fixed in 6.10)
IBM Security Verify Governance <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance <= ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container <= ISVG 10.0.2
debian/linux (fixed in 5.10.223-1, 5.10.234-1, 6.1.129-1, 6.1.135-1, 6.12.25-1, 6.12.27-1)
Linux kernel >= 3.19, < 4.19.316
Linux kernel >= 4.20, < 5.4.278
Linux kernel >= 5.5, < 5.10.219
Linux kernel >= 5.11, < 5.15.161
Linux kernel >= 5.16, < 6.1.93
Linux kernel >= 6.2, < 6.6.33
Linux kernel >= 6.7, < 6.9.4
Linux kernel = 6.10-rc1

Event History

Jun 21, 2024
  10:18 AM: CVE Published via MITRE
  10:18 AM: Data Sourced via MITRE (Description)
  11:15 AM: Data Sourced via NVD (Description)
  11:15 AM: Data Sourced via NVD (Remedy, Severity, Affected Software)
Aug 8, 2024
  11:25 PM: Data Sourced via Launchpad (Description)
Apr 27, 2025
  12:17 AM: Data Sourced via Ubuntu (Remedy, Description, Severity, Affected Software)
May 13, 2025
  12:21 AM: Data Sourced via Debian (Description, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2024-33621?

CVE-2024-33621 has been rated as a moderate severity vulnerability in the Linux kernel.

2. How do I fix CVE-2024-33621?

To fix CVE-2024-33621, upgrade to the patched versions of the affected kernel packages as specified in the remediation section.

3. What versions of the Linux kernel are affected by CVE-2024-33621?

CVE-2024-33621 affects several kernel versions, including 4.19.316, 5.4.278, 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.9.4, and 6.10.

4. Is CVE-2024-33621 a remote exploit?

CVE-2024-33621 can potentially be exploited remotely under specific conditions due to the nature of the vulnerability.

5. What components are primarily affected by CVE-2024-33621?

CVE-2024-33621 primarily affects the ipvlan networking component of the Linux kernel.
