CVE-2024-42247 - Fixing Unaligned Memory Accesses in WireGuard Allowed IPs List on Linux Kernel

A recent vulnerability (CVE-2024-42247) has been identified and resolved in the Linux kernel, specifically in the WireGuard allowed IP addresses feature. This post will provide an overview of the vulnerability, a code snippet with the fix, and links to the original references, enabling readers to understand the issue and apply the solutions highlighted here. The vulnerability was caused by unaligned 64-bit memory access in the WireGuard allowed IP addresses list, which led to kernel warnings on the parisc platform.

Exploit Details

The vulnerability was discovered when unaligned memory accesses were occurring in the WireGuard allowed IP addresses list, resulting in kernel warnings on the parisc platform. This was happening because swap_endian() was attempting to load a 128-bit IPv6 address from an unaligned memory location. The following kernel warnings are observed:

 Kernel: unaligned access to x55f4688c in wg_allowedips_insert_v6+x2c/x80 [wireguard] (iir xf301df)
 Kernel: unaligned access to x55f46884 in wg_allowedips_insert_v6+x38/x80 [wireguard] (iir xf201dc)

Code Fix

To fix this vulnerability, the get_unaligned_be64() helper macro was utilized to avoid unaligned memory accesses. The change was applied in the wg_allowedips_insert_v6 function to handle the insertion of IPv6 addresses correctly.

Here is the code snippet that solves the issue

// Previous code that caused the unaligned memory access
// swap_endian((u64 *)&trie_node->bit[pos], (u64 *)src);			 	
// swap_endian((u64 *)&trie_node->bit[pos] + 1, (u64 *)src + 1);	

// Updated code using the get_unaligned_be64() helper macro
*(u64 *)&trie_node->bit[pos] = get_unaligned_be64(src);
*(u64 *)&trie_node->bit[pos] + 1 = get_unaligned_be64(src + 8);

Original References

The fix for this vulnerability was contributed by Jason A. Donenfeld and shared with the community. The discussion and patch for this issue can be found at the following links:

- Linux Kernel Mailing List (LKML) post
- WireGuard Patch

Conclusion

The CVE-2024-42247 vulnerability in the Linux kernel highlighted the importance of addressing unaligned memory access issues to ensure stable and secure systems. By utilizing the get_unaligned_be64() helper macro, the vulnerability was resolved, eliminating the potential for kernel warnings and instability. It is essential for Linux kernel users to stay up-to-date with patches and discussions to maintain a secure and stable environment. Remember to always update your systems and review the latest changes shared by the community, like the one mentioned in this post.

Timeline

Published on: 08/07/2024 16:15:47 UTC
Last modified on: 08/08/2024 14:52:25 UTC