CVE-2024-40983 (GCVE-0-2024-40983)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:33 – Updated: 2026-05-11 20:23
VLAI
Title
tipc: force a dst refcount before doing decryption
Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers." On TIPC decryption path it has the same problem, and skb_dst_force() should be called before doing decryption to avoid a possible crash. Shuang reported this issue when this warning is triggered: [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug [] Workqueue: crypto cryptd_queue_worker [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Call Trace: [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc] [] tipc_rcv+0xcf5/0x1060 [tipc] [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc] [] cryptd_aead_crypt+0xdb/0x190 [] cryptd_queue_worker+0xed/0x190 [] process_one_work+0x93d/0x17e0
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 3eb1b39627892c4e26cb0162b75725aa5fcc60c8 (git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 692803b39a36e63ac73208e0a3769ae6a2f9bc76 (git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 623c90d86a61e3780f682b32928af469c66ec4c2 (git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < b57a4a2dc8746cea58a922ebe31b6aa629d69d93 (git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 6808b41371670c51feea14f63ade211e78100930 (git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 (git)
Create a notification for this product.
Linux Linux Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:47.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:13.493957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:21.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/node.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3eb1b39627892c4e26cb0162b75725aa5fcc60c8",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "692803b39a36e63ac73208e0a3769ae6a2f9bc76",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "623c90d86a61e3780f682b32928af469c66ec4c2",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "b57a4a2dc8746cea58a922ebe31b6aa629d69d93",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "6808b41371670c51feea14f63ade211e78100930",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "2ebe8f840c7450ecbfca9d18ac92e9ce9155e269",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/node.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb\u0027s destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n  [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n  [] Workqueue: crypto cryptd_queue_worker\n  [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Call Trace:\n  [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n  [] tipc_rcv+0xcf5/0x1060 [tipc]\n  [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n  [] cryptd_aead_crypt+0xdb/0x190\n  [] cryptd_queue_worker+0xed/0x190\n  [] process_one_work+0x93d/0x17e0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:23:36.695Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"
        },
        {
          "url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"
        },
        {
          "url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"
        }
      ],
      "title": "tipc: force a dst refcount before doing decryption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40983",
    "datePublished": "2024-07-12T12:33:57.263Z",
    "dateReserved": "2024-07-12T12:17:45.604Z",
    "dateUpdated": "2026-05-11T20:23:36.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-40983",
      "date": "2026-05-29",
      "epss": "0.0001",
      "percentile": "0.01107"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-40983\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-12T13:15:19.893\",\"lastModified\":\"2025-11-03T22:17:20.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: force a dst refcount before doing decryption\\n\\nAs it says in commit 3bc07321ccc2 (\\\"xfrm: Force a dst refcount before\\nentering the xfrm type handlers\\\"):\\n\\n\\\"Crypto requests might return asynchronous. In this case we leave the\\n rcu protected region, so force a refcount on the skb\u0027s destination\\n entry before we enter the xfrm type input/output handlers.\\\"\\n\\nOn TIPC decryption path it has the same problem, and skb_dst_force()\\nshould be called before doing decryption to avoid a possible crash.\\n\\nShuang reported this issue when this warning is triggered:\\n\\n  [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\\n  [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\\n  [] Workqueue: crypto cryptd_queue_worker\\n  [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\\n  [] Call Trace:\\n  [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\\n  [] tipc_rcv+0xcf5/0x1060 [tipc]\\n  [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\\n  [] cryptd_aead_crypt+0xdb/0x190\\n  [] cryptd_queue_worker+0xed/0x190\\n  [] process_one_work+0x93d/0x17e0\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: forzar un refcount dst antes de realizar el descifrado como dice en el commit 3bc07321ccc2 (\\\"xfrm: forzar un refcount dst antes de ingresar los controladores de tipo xfrm\\\"): \\\"Las solicitudes criptogr\u00e1ficas pueden regresar as\u00edncronas En este caso, salimos de la regi\u00f3n protegida de rcu, as\u00ed que fuercemos un recuento en la entrada de destino del skb antes de ingresar los controladores de entrada/salida de tipo xfrm. En la ruta de descifrado TIPC tiene el mismo problema, y se debe llamar a skb_dst_force() antes de realizar el descifrado para evitar un posible bloqueo. Shuang inform\u00f3 este problema cuando se activa esta advertencia: [] ADVERTENCIA: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Kdump: cargado Contaminado: GW --------- - - 4.18.0-496.el8.x86_64+debug [] Cola de trabajo: crypto cryptd_queue_worker [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Seguimiento de llamadas: [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc] [] tipc_rcv+ 0xcf5/0x1060 [tipc] [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc] [] cryptd_aead_crypt+0xdb/0x190 [] cryptd_queue_worker+0xed/0x190 [] Process_one_work+0x93d/0x17e0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.221\",\"matchCriteriaId\":\"659E1520-6345-41AF-B893-A7C0647585A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.162\",\"matchCriteriaId\":\"10A39ACC-3005-40E8-875C-98A372D1FFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.96\",\"matchCriteriaId\":\"61E887B4-732A-40D2-9983-CC6F281EBFB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.36\",\"matchCriteriaId\":\"E1046C95-860A-45B0-B718-2B29F65BFF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.7\",\"matchCriteriaId\":\"0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C2F14-12C7-45D5-893D-8C52EE38EA10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3173713D-909A-4DD3-9DD4-1E171EB057EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:58:47.921Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40983\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:02:13.493957Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:22.157Z\"}}], \"cna\": {\"title\": \"tipc: force a dst refcount before doing decryption\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"3eb1b39627892c4e26cb0162b75725aa5fcc60c8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"692803b39a36e63ac73208e0a3769ae6a2f9bc76\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"623c90d86a61e3780f682b32928af469c66ec4c2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"b57a4a2dc8746cea58a922ebe31b6aa629d69d93\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"6808b41371670c51feea14f63ade211e78100930\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0\", \"lessThan\": \"2ebe8f840c7450ecbfca9d18ac92e9ce9155e269\", \"versionType\": \"git\"}], \"programFiles\": [\"net/tipc/node.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.221\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.162\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.96\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.36\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/tipc/node.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8\"}, {\"url\": \"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76\"}, {\"url\": \"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2\"}, {\"url\": \"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93\"}, {\"url\": \"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930\"}, {\"url\": \"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: force a dst refcount before doing decryption\\n\\nAs it says in commit 3bc07321ccc2 (\\\"xfrm: Force a dst refcount before\\nentering the xfrm type handlers\\\"):\\n\\n\\\"Crypto requests might return asynchronous. In this case we leave the\\n rcu protected region, so force a refcount on the skb\u0027s destination\\n entry before we enter the xfrm type input/output handlers.\\\"\\n\\nOn TIPC decryption path it has the same problem, and skb_dst_force()\\nshould be called before doing decryption to avoid a possible crash.\\n\\nShuang reported this issue when this warning is triggered:\\n\\n  [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\\n  [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\\n  [] Workqueue: crypto cryptd_queue_worker\\n  [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\\n  [] Call Trace:\\n  [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\\n  [] tipc_rcv+0xcf5/0x1060 [tipc]\\n  [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\\n  [] cryptd_aead_crypt+0xdb/0x190\\n  [] cryptd_queue_worker+0xed/0x190\\n  [] process_one_work+0x93d/0x17e0\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.221\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.162\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.96\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.36\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.7\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"5.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:23:36.695Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40983\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T20:23:36.695Z\", \"dateReserved\": \"2024-07-12T12:17:45.604Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-12T12:33:57.263Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.