CVE-2024-36006
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
Both the function that migrates all the chunks within a region and the
function that migrates all the entries within a chunk call
list_first_entry() on the respective lists without checking that the
lists are not empty. This is incorrect usage of the API, which leads to
the following warning [1].
Fix by returning if the lists are empty as there is nothing to migrate
in this case.
[1]
WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0>
Modules linked in:
CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0
[...]
Call Trace:
<TASK>
mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
ret_from_fork_asm+0x1a/0x30
</TASK>
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: espectro_acl_tcam: corrige el uso incorrecto de la API de lista. Tanto la función que migra todos los fragmentos dentro de una región como la función que migra todas las entradas dentro de un fragmento llaman a list_first_entry() en el respectivo listas sin verificar que las listas no estén vacías. Este es un uso incorrecto de la API, lo que genera la siguiente advertencia [1]. Para solucionarlo, regrese si las listas están vacías, ya que en este caso no hay nada que migrar. [1] ADVERTENCIA: CPU: 0 PID: 6437 en drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Módulos vinculados en: CPU: 0 PID: 6437 Comm: kworker/0:37 No contaminado 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Nombre del hardware: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP 0010:mlxsw_sp _acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [... ] Seguimiento de llamadas: mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 Process_one_work+0x151/0x370 Workers_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x3 0
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-20 CVE Published
- 2024-05-21 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf | Vuln. Introduced | |
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-36006 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2281989 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.4.275" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.10.216" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 5.15.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.15.158" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.1.90" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.6.30" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.8.9" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.9" | en |
Affected
|