Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

CVE-2024-47659

Disclosure Date: October 09, 2024 •

CVE-2024-47659 CVSS v3 Base Score: 8.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

smack: tcp: ipv4, fix incorrect labeling

Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
when a label ‘foo’ connects to a label ‘bar’ with tcp/ipv4,
‘foo’ always gets ‘foo’ in returned ipv4 packets. So,

returned packets are incorrectly labeled (‘foo’ instead of ‘bar’)
‘bar’ can write to ‘foo’ without being authorized to write.

Here is a scenario how to see this:

Take two machines, let’s call them C and S,
with active Smack in the default state
(no settings, no rules, no labeled hosts, only builtin labels)
At S, add Smack rule ‘foo bar w’
(labels ‘foo’ and ‘bar’ are instantiated at S at this moment)
At S, at label ‘bar’, launch a program
that listens for incoming tcp/ipv4 connections
From C, at label ‘foo’, connect to the listener at S.
(label ‘foo’ is instantiated at C at this moment)
Connection succeedes and works.
Send some data in both directions.
Collect network traffic of this connection.

All packets in both directions are labeled with the CIPSO
of the label ‘foo’. Hence, label ‘bar’ writes to ‘foo’ without
being authorized, and even without ever being known at C.

If anybody cares: exactly the same happens with DCCP.

This behavior 1st manifested in release 2.6.29.4 (see Fixes below)
and it looks unintentional. At least, no explanation was provided.

I changed returned packes label into the ‘bar’,
to bring it into line with the Smack documentation claims.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-47659 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47659)

Miscellaneous

https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8

https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671

https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670

https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c

https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9

https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff

https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f

https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550

Rapid7

Unknown

CVE-2024-47659

Unknown

Unknown

None

Low

Network

CVE-2024-47659

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-47659

Unknown

Unknown

None

Low

Network

CVE-2024-47659

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification