CVE-2024-56639: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's HSR (High-availability Seamless Redundancy) implementation was discovered and resolved in December 2024. The issue was related to insufficient memory allocation for RedBox support in the hsrinitskb() function. The vulnerability was identified when the sendhsrsupervisionframe() function attempted to add two additional components (struct hsrsuptlv and struct hsrsup_payload) without proper memory allocation (Kernel Commit).

The vulnerability stems from a memory allocation oversight in the HSR network implementation. The hsrinitskb() function failed to allocate sufficient memory for RedBox support cases, leading to a buffer overflow condition. When sendhsrsupervisionframe() attempted to add additional components (struct hsrsuptlv and struct hsrsuppayload), it resulted in an skbover_panic error. The issue was traced back to the original commit that introduced RedBox support (5055cccfc2d1) (Kernel Commit).

When triggered, this vulnerability causes a kernel panic with an 'invalid opcode' error, potentially leading to system crashes and denial of service conditions. The issue specifically affects systems using the HSR networking feature with RedBox support enabled (Kernel Commit).

The issue has been fixed by modifying the hsrinitskb() function to properly account for additional memory needed in RedBox support cases. The fix involves adding an 'extra' parameter to allocate the required additional bytes for struct hsrsuptlv and struct hsrsuppayload (Kernel Commit).