CVE-2024-35982 - Resolving the batman-adv Infinite Loop Vulnerability in Linux Kernel

A vulnerability has been discovered in the Linux kernel, specifically in the batman-adv (B.A.T.M.A.N. Advanced) module. This CVE-2024-35982 vulnerability can cause an infinite loop when attempting to resize a local translation table (TT) under certain conditions. This blog post will discuss the vulnerability details, provide a code snippet that fixes the issue, and refer to original resources for more in-depth information.

Details

The vulnerability is in the batman-adv module of the Linux kernel, which implements a layer-2 mesh routing protocol for multi-hop ad hoc networks. When the MTU (Maximum Transmission Unit) of an attached interface becomes too small to transmit the local TT, the table must be resized so that it fits inside all fragments (when fragmentation is enabled) or a single packet.

However, if the MTU becomes too small to carry even the TT header and the per-VLAN part, resizing the local TT can never succeed. This happens, for example, when the usable space is 110 bytes and 11 VLANs sit on top of batman-adv, which requires at least 116 bytes.

Under such conditions, the system log is spammed with the message

batman_adv: batadv: Forced to purge local tt entries to fit new maximum fragment MTU (110)

but the function never finishes: the purge timeout is halved on every iteration until it stagnates, and from then on no further entries can be removed, so the table can never shrink enough.

Fix

To fix this vulnerability, the batman-adv code was changed to detect up front the conditions under which the resize loop could never terminate. The following snippet shows the function that was changed (body elided):

/*
 * Check if the local TT can be transmitted within the current MTU limits
 * and if not then try to decrease its size.
 */
static void batadv_tt_local_resize_to_mtu(struct batadv_hard_iface *hard_iface)
{
  ...
}

With the fix, the kernel recognises configurations that can never satisfy the size limit, such as non-purgeable MAC address entries or an attached interface whose MTU has been reduced too far, and handles them instead of retrying forever.
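To make the failure mode and the fix concrete, here is a userspace model of the resize loop written for this post; it is not batman-adv's own code and the constants (header, per-VLAN and per-entry sizes, the initial purge timeout, the `MAX_ENTRIES` bound) are assumptions chosen so that 11 VLANs need 116 bytes, as in the advisory. `resize_vulnerable` keeps halving the purge timeout until the table fits, which never happens when the fixed overhead alone exceeds the MTU; the `guard` parameter exists only so the model returns instead of hanging. `resize_hardened` shows one way to realise the behaviour the fix description above calls for: refuse when header plus VLAN overhead already exceeds the MTU, and stop once the timeout reaches zero. The two guards are this model's, not a copy of the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sizes for the model (assumptions, not batman-adv's wire layout):
 * header + one block per VLAN gives 6 + 11 * 10 = 116 bytes of overhead for
 * 11 VLANs, matching the advisory's 110-byte failure case. */
#define TT_HDR_LEN        6     /* assumed header bytes               */
#define TT_VLAN_LEN      10     /* assumed bytes per VLAN block       */
#define TT_ENTRY_LEN      8     /* assumed bytes per MAC entry        */
#define TT_LOCAL_TIMEOUT 1200   /* assumed initial purge age, seconds */
#define MAX_ENTRIES      16

struct model_tt {
	unsigned int num_vlan;
	unsigned int num_entries;
	unsigned int age[MAX_ENTRIES];  /* seconds since entry was last seen */
};

/* Bytes needed to transmit the whole local table. */
static unsigned int tt_transmit_size(const struct model_tt *tt)
{
	return TT_HDR_LEN + tt->num_vlan * TT_VLAN_LEN +
	       tt->num_entries * TT_ENTRY_LEN;
}

/* Drop every entry older than `timeout` seconds; age-0 entries never go. */
static void tt_purge(struct model_tt *tt, unsigned int timeout)
{
	unsigned int i, kept = 0;
	for (i = 0; i < tt->num_entries; i++)
		if (tt->age[i] <= timeout)
			tt->age[kept++] = tt->age[i];
	tt->num_entries = kept;
}

/* Vulnerable pattern: halve the purge timeout until the table fits.  If the
 * fixed overhead alone exceeds the MTU this never happens and the timeout
 * stagnates at 0.  `guard` is model-only instrumentation: the call returns -2
 * ("would spin forever") instead of hanging.  Success returns purge rounds. */
static int resize_vulnerable(struct model_tt *tt, unsigned int mtu,
			     unsigned int guard)
{
	unsigned int timeout = TT_LOCAL_TIMEOUT / 2, rounds = 0;
	while (tt_transmit_size(tt) > mtu) {
		if (rounds >= guard)
			return -2;
		tt_purge(tt, timeout);
		timeout /= 2;           /* 600, 300, ..., 1, 0, 0, 0 ... */
		rounds++;
	}
	return (int)rounds;
}

/* Hardened pattern (one way to realise the fix the advisory describes):
 * refuse up front when header + VLAN overhead already exceeds the MTU, and
 * stop once the timeout reaches 0, since every purgeable entry is gone by
 * then.  Returns purge rounds on success, -1 when the table cannot fit. */
static int resize_hardened(struct model_tt *tt, unsigned int mtu)
{
	unsigned int timeout = TT_LOCAL_TIMEOUT / 2, rounds = 0;
	if (TT_HDR_LEN + tt->num_vlan * TT_VLAN_LEN > mtu)
		return -1;
	while (tt_transmit_size(tt) > mtu) {
		tt_purge(tt, timeout);
		rounds++;
		if (timeout == 0)
			break;          /* last possible purge done: give up cleanly */
		timeout /= 2;
	}
	return tt_transmit_size(tt) <= mtu ? (int)rounds : -1;
}

/* Advisory scenario: 110 usable bytes, 11 VLANs (116 bytes of overhead). */
static int advisory_case(bool hardened)
{
	struct model_tt tt = { 11, 3, { 5000, 50, 0 } };
	return hardened ? resize_hardened(&tt, 110) : resize_vulnerable(&tt, 110, 64);
}

/* Recoverable: overhead 26, table 58, MTU 50; purging entries older than
 * 600 s drops two of four and the table fits after one round. */
static int recoverable_case(bool hardened)
{
	struct model_tt tt = { 2, 4, { 5000, 1000, 20, 0 } };
	return hardened ? resize_hardened(&tt, 50) : resize_vulnerable(&tt, 50, 64);
}

/* Non-purgeable entries: overhead fits, but five age-0 entries never will. */
static int stuck_entries_case(bool hardened)
{
	struct model_tt tt = { 2, 5, { 0, 0, 0, 0, 0 } };
	return hardened ? resize_hardened(&tt, 50) : resize_vulnerable(&tt, 50, 64);
}

int main(void)
{
	printf("advisory: vulnerable=%d hardened=%d\n", advisory_case(false), advisory_case(true));
	printf("recoverable: %d/%d  stuck: %d/%d\n", recoverable_case(false), recoverable_case(true),
	       stuck_entries_case(false), stuck_entries_case(true));
	return 0;
}
```

Running it shows the vulnerable loop hitting the guard (-2) in both the advisory case and the non-purgeable-entries case, while the hardened variant returns -1 immediately for the advisory case and after eleven halvings for the stuck-entries case; the recoverable case fits after one purge round in both variants. Operationally, the rate-limited "Forced to purge local tt entries" message repeating indefinitely on an unpatched kernel is the signal to look for, and the mitigation is either the upstream fix or keeping the attached interface's MTU large enough for the header and VLAN overhead of the local TT.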

Original References

- The original patch commit on the Linux kernel mailing list: patchwork.kernel.org
- CVE information: cve.mitre.org

Conclusion

The CVE-2024-35982 vulnerability in the Linux kernel has been resolved by proactively handling conditions that could lead to infinite loop scenarios. By applying the provided fix, the risk of having a vulnerable system can be mitigated, making the kernel more reliable and secure. Always remember to stay up-to-date with the latest patches and updates to your Linux kernel to ensure a secure computing environment.

Timeline

Published on: 05/20/2024 10:15:12 UTC
Last modified on: 08/02/2024 03:21:48 UTC