CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes

Published Jun 19, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes

syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETHHLEN bytes) skb. To fix it check if we can actually pull that amount instead of assuming.

Tested with dropwatch: drop at: brdevxmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3) origin: software timestamp: Mon May 13 11:31:53 2024 778214037 nsec protocol: 0x88a8 length: 2 original length: 2 drop reason: PKTTOOSMALL

[1] BUG: KMSAN: uninit-value in brdevxmit+0x61d/0x1cb0 net/bridge/brdevice.c:65 brdevxmit+0x61d/0x1cb0 net/bridge/brdevice.c:65 netdevstartxmit include/linux/netdevice.h:4903 [inline] netdevstartxmit include/linux/netdevice.h:4917 [inline] xmitone net/core/dev.c:3531 [inline] devhardstartxmit+0x247/0xa20 net/core/dev.c:3547 devqueuexmit+0x34db/0x5350 net/core/dev.c:4341 devqueuexmit include/linux/netdevice.h:3091 [inline] bpftxskb net/core/filter.c:2136 [inline] bpfredirectcommon net/core/filter.c:2180 [inline] bpfredirect+0x14a6/0x1620 net/core/filter.c:2187 bpfcloneredirect net/core/filter.c:2460 [inline] bpfcloneredirect+0x328/0x470 net/core/filter.c:2432 bpfprogrun+0x13fe/0xe0f0 kernel/bpf/core.c:1997 bpfprogrun512+0xb5/0xe0 kernel/bpf/core.c:2238 bpfdispatchernopfunc include/linux/bpf.h:1234 [inline] bpfprogrun include/linux/filter.h:657 [inline] bpfprogrun include/linux/filter.h:664 [inline] bpftestrun+0x499/0xc30 net/bpf/testrun.c:425 bpfprogtestrunskb+0x14ea/0x1f20 net/bpf/testrun.c:1058 bpfprogtestrun+0x6b7/0xad0 kernel/bpf/syscall.c:4269 sysbpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678 dosysbpf kernel/bpf/syscall.c:5767 [inline] sesysbpf kernel/bpf/syscall.c:5765 [inline] x64sysbpf+0xa0/0xe0 kernel/bpf/syscall.c:5765 x64syscall+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls64.h:322 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcf/0x1e0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f

Other sources

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes

The Linux kernel CVE team has assigned CVE-2024-38538 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38538-e28a@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by an uninit value[1] error in bridge device's xmit path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

IBM

Affected Software

14 affected componentsFixes available
redhat/kernel<6.1.93
6.1.93
redhat/kernel<6.6.33
6.6.33
redhat/kernel<6.8.12
6.8.12
redhat/kernel<6.9.3
6.9.3
redhat/kernel<6.10
6.10
Linux Linux kernel>=2.6.12<6.1.93
Linux Linux kernel>=6.2<6.6.33
Linux Linux kernel>=6.7<6.8.12
Linux Linux kernel>=6.9<6.9.3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.27-1

Remediation

Patch Available

https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5

Patch Available

https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2

Patch Available

https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a

Patch Available

https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc

Patch Available

https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2

Event History

Jun 19, 2024
CVE Published
via MITRE·01:35 PM
Data Sourced
via MITRE·01:35 PM
Description
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Aug 8, 2024
Data Sourced
via Launchpad·11:27 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:29 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-38538?

CVE-2024-38538 has been classified as a vulnerability that can lead to potential memory corruption in the Linux kernel.

2

How do I fix CVE-2024-38538?

To address CVE-2024-38538, you should update your Linux kernel to version 6.1.93, 6.6.33, 6.8.12, 6.9.3, 6.10, or any later patched version.

3

Which Linux distributions are affected by CVE-2024-38538?

CVE-2024-38538 affects various versions of the Linux kernel across multiple distributions, including Red Hat and Debian.

4

Can CVE-2024-38538 lead to system exploitation?

Yes, if exploited, CVE-2024-38538 could allow attackers to execute arbitrary code, potentially compromising system security.

5

What components of the Linux kernel does CVE-2024-38538 impact?

CVE-2024-38538 specifically impacts the bridge device within the Linux kernel's networking stack.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203