{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "304b44f0d5a4c2f91f82f7c31538d00485fb484c"
            },
            {
              "fixed": "a4c10813bc394ff2b5c61f913971be216f8f8834"
            },
            {
              "fixed": "54fcc6189dfb822eea984fa2b3e477a02447279d"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43878.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix input error path memory access\n\nWhen there is a misconfiguration of input state slow path\nKASAN report error. Fix this error.\nwest login:\n[   52.987278] eth1: renamed from veth11\n[   53.078814] eth1: renamed from veth21\n[   53.181355] eth1: renamed from veth31\n[   54.921702] ==================================================================\n[   54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295\n[   54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512\n[   54.924169]\n[   54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25\n[   54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   54.926401] Call Trace:\n[   54.926731]  \u003cIRQ\u003e\n[   54.927009]  dump_stack_lvl+0x2a/0x3b\n[   54.927478]  kasan_report+0x84/0xa6\n[   54.927930]  ? xfrmi_rcv_cb+0x2d/0x295\n[   54.928410]  xfrmi_rcv_cb+0x2d/0x295\n[   54.928872]  ? xfrm4_rcv_cb+0x3d/0x5e\n[   54.929354]  xfrm4_rcv_cb+0x46/0x5e\n[   54.929804]  xfrm_rcv_cb+0x7e/0xa1\n[   54.930240]  xfrm_input+0x1b3a/0x1b96\n[   54.930715]  ? xfrm_offload+0x41/0x41\n[   54.931182]  ? raw_rcv+0x292/0x292\n[   54.931617]  ? nf_conntrack_confirm+0xa2/0xa2\n[   54.932158]  ? skb_sec_path+0xd/0x3f\n[   54.932610]  ? xfrmi_input+0x90/0xce\n[   54.933066]  xfrm4_esp_rcv+0x33/0x54\n[   54.933521]  ip_protocol_deliver_rcu+0xd7/0x1b2\n[   54.934089]  ip_local_deliver_finish+0x110/0x120\n[   54.934659]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.935248]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.935767]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.936317]  ? secure_tcpv6_ts_off+0x23/0x168\n[   54.936859]  ? ip_protocol_deliver_rcu+0x1b2/0x1b2\n[   54.937454]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.938135]  NF_HOOK.constprop.0+0xf8/0x138\n[   54.938663]  ? ip_sublist_rcv_finish+0x68/0x68\n[   54.939220]  ? __xfrm_policy_check2.constprop.0+0x18d/0x18d\n[   54.939904]  ? ip_local_deliver_finish+0x120/0x120\n[   54.940497]  __netif_receive_skb_one_core+0xc9/0x107\n[   54.941121]  ? __netif_receive_skb_list_core+0x1c2/0x1c2\n[   54.941771]  ? blk_mq_start_stopped_hw_queues+0xc7/0xf9\n[   54.942413]  ? blk_mq_start_stopped_hw_queue+0x38/0x38\n[   54.943044]  ? virtqueue_get_buf_ctx+0x295/0x46b\n[   54.943618]  process_backlog+0xb3/0x187\n[   54.944102]  __napi_poll.constprop.0+0x57/0x1a7\n[   54.944669]  net_rx_action+0x1cb/0x380\n[   54.945150]  ? __napi_poll.constprop.0+0x1a7/0x1a7\n[   54.945744]  ? vring_new_virtqueue+0x17a/0x17a\n[   54.946300]  ? note_interrupt+0x2cd/0x367\n[   54.946805]  handle_softirqs+0x13c/0x2c9\n[   54.947300]  do_softirq+0x5f/0x7d\n[   54.947727]  \u003c/IRQ\u003e\n[   54.948014]  \u003cTASK\u003e\n[   54.948300]  __local_bh_enable_ip+0x48/0x62\n[   54.948832]  __neigh_event_send+0x3fd/0x4ca\n[   54.949361]  neigh_resolve_output+0x1e/0x210\n[   54.949896]  ip_finish_output2+0x4bf/0x4f0\n[   54.950410]  ? __ip_finish_output+0x171/0x1b8\n[   54.950956]  ip_send_skb+0x25/0x57\n[   54.951390]  raw_sendmsg+0xf95/0x10c0\n[   54.951850]  ? check_new_pages+0x45/0x71\n[   54.952343]  ? raw_hash_sk+0x21b/0x21b\n[   54.952815]  ? kernel_init_pages+0x42/0x51\n[   54.953337]  ? prep_new_page+0x44/0x51\n[   54.953811]  ? get_page_from_freelist+0x72b/0x915\n[   54.954390]  ? signal_pending_state+0x77/0x77\n[   54.954936]  ? preempt_count_sub+0x14/0xb3\n[   54.955450]  ? __might_resched+0x8a/0x240\n[   54.955951]  ? __might_sleep+0x25/0xa0\n[   54.956424]  ? first_zones_zonelist+0x2c/0x43\n[   54.956977]  ? __rcu_read_lock+0x2d/0x3a\n[   54.957476]  ? __pte_offset_map+0x32/0xa4\n[   54.957980]  ? __might_resched+0x8a/0x240\n[   54.958483]  ? __might_sleep+0x25/0xa0\n[   54.958963]  ? inet_send_prepare+0x54/0x54\n[   54.959478]  ? sock_sendmsg_nosec+0x42/0x6c\n[   54.960000]  sock_sendmsg_nosec+0x42/0x6c\n[   54.960502]  __sys_sendto+0x15d/0x1cc\n[   54.960966]  ? __x64_sys_getpeername+0x44/0x44\n[   54.961522]  ? __handle_mm_fault+0x679/0xae4\n[   54.962068]  ? find_vma+0x6b/0x\n---truncated---",
  "id": "CVE-2024-43878",
  "modified": "2026-04-01T23:09:01.059467777Z",
  "published": "2024-08-21T00:06:30.412Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54fcc6189dfb822eea984fa2b3e477a02447279d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4c10813bc394ff2b5c61f913971be216f8f8834"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43878.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43878"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "xfrm: Fix input error path memory access"
}