{"id":"CVE-2024-38538","summary":"net: bridge: xmit: make sure we have at least eth header len bytes","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: xmit: make sure we have at least eth header len bytes\n\nsyzbot triggered an uninit value[1] error in bridge device's xmit path\nby sending a short (less than ETH_HLEN bytes) skb. To fix it check if\nwe can actually pull that amount instead of assuming.\n\nTested with dropwatch:\n drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)\n origin: software\n timestamp: Mon May 13 11:31:53 2024 778214037 nsec\n protocol: 0x88a8\n length: 2\n original length: 2\n drop reason: PKT_TOO_SMALL\n\n[1]\nBUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n __bpf_tx_skb net/core/filter.c:2136 [inline]\n __bpf_redirect_common net/core/filter.c:2180 [inline]\n __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187\n ____bpf_clone_redirect net/core/filter.c:2460 [inline]\n bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432\n ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238\n bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]\n __bpf_prog_run include/linux/filter.h:657 [inline]\n bpf_prog_run include/linux/filter.h:664 [inline]\n bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425\n bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058\n bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678\n __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]\n __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765\n x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f","modified":"2026-03-20T12:37:03.782657Z","published":"2024-06-19T13:35:13.384Z","related":["ALSA-2024:5928","MGASA-2024-0263","MGASA-2024-0266","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3592-1","SUSE-SU-2024:3617-1","SUSE-SU-2024:4100-1","SUSE-SU-2025:0034-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38538.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e01fc3c66e65d9afe98f1489047a1b2dd8741ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/82090f94c723dab724b1c32db406091d40448a17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2b7c43cd32080221bb233741bd6011983fe7c11"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c964429ef53f42098a6545a5dabeb1441c1e821d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38538.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38538"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"3e01fc3c66e65d9afe98f1489047a1b2dd8741ca"},{"fixed":"b2b7c43cd32080221bb233741bd6011983fe7c11"},{"fixed":"82090f94c723dab724b1c32db406091d40448a17"},{"fixed":"c964429ef53f42098a6545a5dabeb1441c1e821d"},{"fixed":"28126b83f86ab9cc7936029c2dff845d3dcedba2"},{"fixed":"1abb371147905ba250b4cc0230c4be7e90bea4d5"},{"fixed":"f482fd4ce919836a49012b2d31b00fc36e2488f2"},{"fixed":"5b5d669f569807c7ab07546e73c0741845a2547a"},{"fixed":"8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38538.json"}}],"schema_version":"1.7.5"}