• Bug#1099138: linux: CVE-2024-45001 in bookworm

    From Noah Meyerhans@21:1/5 to All on Fri Feb 28 20:10:01 2025
    XPost: linux.debian.bugs.dist

    Source: linux
    Version: 6.1.128-1
    Severity: important
    Tags: security
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

    I believe CVE-2024-45001 (RX buf alloc_size alignment and atomic op
    panic) is miscategorized as not impacting bookworm. The issue is with
    the net/ethernet/microsoft/mana driver and was introduced in linux 6.10,
    which is likely why the security-tracker contains the note "Vulnerable
    code not present" for bookworm. However, bookworm contains a backported version of this driver from 6.10 in debian/patches/features/all/ethernet-microsoft. [1] [2]

    The upstream fix applies on top of our patched 6.1 kernel with an
    offset. [3]

    I didn't propose a fix to the security-tracker data because I don't know
    the file format well enough.

    I can prepare a merge request to the kernel package if that would help.

    Thanks
    noah

    1. https://security-tracker.debian.org/tracker/CVE-2024-45001
    2. https://salsa.debian.org/kernel-team/linux/-/tree/debian/6.1/bookworm/debian/patches/features/all/ethernet-microsoft?ref_type=heads
    3. https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32316f676b4ee87c0404d333d248ccf777f739bc

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Noah Meyerhans on Fri Feb 28 20:40:01 2025
    XPost: linux.debian.bugs.dist

    Hi Noah,

    On Fri, Feb 28, 2025 at 01:58:18PM -0500, Noah Meyerhans wrote:
    Source: linux
    Version: 6.1.128-1
    Severity: important
    Tags: security
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

    I believe CVE-2024-45001 (RX buf alloc_size alignment and atomic op
    panic) is miscategorized as not impacting bookworm. The issue is with
    the net/ethernet/microsoft/mana driver and was introduced in linux 6.10, which is likely why the security-tracker contains the note "Vulnerable
    code not present" for bookworm. However, bookworm contains a backported version of this driver from 6.10 in debian/patches/features/all/ethernet-microsoft. [1] [2]

    The upstream fix applies on top of our patched 6.1 kernel with an
    offset. [3]

    I didn't propose a fix to the security-tracker data because I don't know
    the file format well enough.

    I can prepare a merge request to the kernel package if that would help.

    Thanks I will shortly have a look at that as I'm rebasing 6.1.y for
    bookworm for the next upload.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Noah Meyerhans@21:1/5 to Salvatore Bonaccorso on Sat Mar 1 14:30:01 2025
    XPost: linux.debian.bugs.dist

    On Sat, Mar 01, 2025 at 02:15:43PM +0100, Salvatore Bonaccorso wrote:
    Source: linux
    Version: 6.1.128-1
    Severity: important
    Tags: security
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

    I believe CVE-2024-45001 (RX buf alloc_size alignment and atomic op panic) is miscategorized as not impacting bookworm. The issue is with the net/ethernet/microsoft/mana driver and was introduced in linux 6.10, which is likely why the security-tracker contains the note "Vulnerable code not present" for bookworm. However, bookworm contains a backported version of this driver from 6.10 in debian/patches/features/all/ethernet-microsoft. [1] [2]

    The upstream fix applies on top of our patched 6.1 kernel with an
    offset. [3]

    I didn't propose a fix to the security-tracker data because I don't know the file format well enough.

    I can prepare a merge request to the kernel package if that would help.

    Thanks I will shortly have a look at that as I'm rebasing 6.1.y for bookworm for the next upload.

    Investigating this further I believe we have the same problem as well
    for CVE-2024-42069.

    Yes, that seems likely.

    noah

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Salvatore Bonaccorso on Sat Mar 1 14:20:01 2025
    XPost: linux.debian.bugs.dist

    Control: linux: Backports for fixes for CVE-2024-42069 and CVE-2024-45001 in bookworm

    Hi Noah,

    On Fri, Feb 28, 2025 at 08:30:27PM +0100, Salvatore Bonaccorso wrote:
    Hi Noah,

    On Fri, Feb 28, 2025 at 01:58:18PM -0500, Noah Meyerhans wrote:
    Source: linux
    Version: 6.1.128-1
    Severity: important
    Tags: security
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

    I believe CVE-2024-45001 (RX buf alloc_size alignment and atomic op
    panic) is miscategorized as not impacting bookworm. The issue is with
    the net/ethernet/microsoft/mana driver and was introduced in linux 6.10, which is likely why the security-tracker contains the note "Vulnerable
    code not present" for bookworm. However, bookworm contains a backported version of this driver from 6.10 in debian/patches/features/all/ethernet-microsoft. [1] [2]

    The upstream fix applies on top of our patched 6.1 kernel with an
    offset. [3]

    I didn't propose a fix to the security-tracker data because I don't know the file format well enough.

    I can prepare a merge request to the kernel package if that would help.

    Thanks I will shortly have a look at that as I'm rebasing 6.1.y for
    bookworm for the next upload.

    Investigating this further I believe we have the same problem as well
    for CVE-2024-42069.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Thu Mar 6 09:10:04 2025
    This is a multi-part message in MIME format...

    Your message dated Thu, 06 Mar 2025 07:17:10 +0000
    with message-id <E1tq5Ti-00AfEV-ON@fasolo.debian.org>
    and subject line Bug#1099138: fixed in linux 6.1.129-1
    has caused the Debian Bug report #1099138,
    regarding linux: Backports for fixes for CVE-2024-42069 and CVE-2024-45001 in bookworm
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1099138: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099138
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 28 Feb 2025 18:58:23 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-110.7 required=4.0 tests=BAYES_00,DKIMWL_WL_HIGH,
    DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FROMDEVELOPER,
    MD5_SHA1_SUM,SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,
    USER_IN_DKIM_WELCOMELIST,USER_IN_DKIM_WHITELIST,XMAILER_REPORTBUG
    autolearn=ham autolearn_force=no
    version=3.4.6-bugs.debian.org_2005_01_02
    X-Spam-Bayes: score:0.0000 Tokens: new, 26; hammy, 150; neutral, 59; spammy,
    0. spammytokens:
    hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
    0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
    0.000-+--H*RT:311, 0.000-+--H*RT:108
    Return-path: <noahm@debian.org>
    Received: from stravinsky.debian.org ([