{"id":"CVE-2024-56639","summary":"net: hsr: must allocate more bytes for RedBox support","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 \u003c0f\u003e 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS:  000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cIRQ\u003e\n  skb_over_panic net/core/skbuff.c:211 [inline]\n  skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n  send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342\n  hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n  call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n  expire_timers kernel/time/timer.c:1845 [inline]\n  __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n  __run_timer_base kernel/time/timer.c:2430 [inline]\n  __run_timer_base kernel/time/timer.c:2423 [inline]\n  run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n  run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n  handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu kernel/softirq.c:637 [inline]\n  irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n  sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e","modified":"2026-04-02T12:25:01.878387Z","published":"2024-12-27T15:02:41.549Z","related":["USN-7379-2","USN-7380-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56639.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56639.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56639"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5055cccfc2d1cc1a7306f6bcdcd0ee9521d707f5"},{"fixed":"688842f47ee9fb392d1c3a1ced1d21d505b14968"},{"fixed":"af8edaeddbc52e53207d859c912b017fd9a77629"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56639.json"}}],"schema_version":"1.7.5"}