CVE-2024-26856

net: sparx5: Fix use after free inside sparx5_del_mact_entry

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: sparx5: Fix use after free inside sparx5_del_mact_entry

Based on the static analyzis of the code it looks like when an entry
from the MAC table was removed, the entry was still used after being
freed. More precise the vid of the mac_entry was used after calling
devm_kfree on the mac_entry.
The fix consists in first using the vid of the mac_entry to delete the
entry from the HW and after that to free it.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sparx5: corrige el use after free dentro de sparx5_del_mact_entry Según el análisis estático del código, parece que cuando se eliminó una entrada de la tabla MAC, la entrada todavía se usó después de ser liberado. Más precisamente, el video de mac_entry se usó después de llamar a devm_kfree en mac_entry. La solución consiste en utilizar primero el vid de mac_entry para eliminar la entrada del HW y luego liberarla.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2024-04-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/b37a1bae742f92cc9b1f777d54e04ee3d86bbfc2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e46274df1100fb0c06704195bfff5bfbd418bf64	2024-03-15
https://git.kernel.org/stable/c/0de693d68b0a18d5e256556c7c62d92cca35ad52	2024-03-15
https://git.kernel.org/stable/c/e83bebb718fd1f42549358730e1206164e0861d6	2024-03-15
https://git.kernel.org/stable/c/71809805b95052ff551922f11660008fb3666025	2024-03-15
https://git.kernel.org/stable/c/89d72d4125e94aa3c2140fedd97ce07ba9e37674	2024-03-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.152 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.152"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.1.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.6.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.7.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.7.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.8"		en		Affected