{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40983","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.604Z","datePublished":"2024-07-12T12:33:57.263Z","dateUpdated":"2025-11-03T21:58:47.921Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:19:19.684Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n  [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n  [] Workqueue: crypto cryptd_queue_worker\n  [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Call Trace:\n  [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n  [] tipc_rcv+0xcf5/0x1060 [tipc]\n  [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n  [] cryptd_aead_crypt+0xdb/0x190\n  [] cryptd_queue_worker+0xed/0x190\n  [] process_one_work+0x93d/0x17e0"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/tipc/node.c"],"versions":[{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"3eb1b39627892c4e26cb0162b75725aa5fcc60c8","status":"affected","versionType":"git"},{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"692803b39a36e63ac73208e0a3769ae6a2f9bc76","status":"affected","versionType":"git"},{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"623c90d86a61e3780f682b32928af469c66ec4c2","status":"affected","versionType":"git"},{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"b57a4a2dc8746cea58a922ebe31b6aa629d69d93","status":"affected","versionType":"git"},{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"6808b41371670c51feea14f63ade211e78100930","status":"affected","versionType":"git"},{"version":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0","lessThan":"2ebe8f840c7450ecbfca9d18ac92e9ce9155e269","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/tipc/node.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.96","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.36","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.7","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.6.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.9.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"},{"url":"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"},{"url":"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"},{"url":"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"},{"url":"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"},{"url":"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}],"title":"tipc: force a dst refcount before doing decryption","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:47.921Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40983","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:02:13.493957Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:21.167Z"}}]}}