CVE-2024-38556

net/mlx5: Add a timeout to acquire the command queue semaphore

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Add a timeout to acquire the command queue semaphore

Prevent forced completion handling on an entry that has not yet been
assigned an index, causing an out of bounds access on idx = -22.
Instead of waiting indefinitely for the sem, blocking flow now waits for
index to be allocated or a sem acquisition timeout before beginning the
timer for FW completion.

Kernel log example:
mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: agrega un tiempo de espera para adquirir el semáforo de la cola de comandos. Evita el manejo de finalización forzada en una entrada a la que aún no se le ha asignado un índice, lo que provoca un acceso fuera de los límites en idx = -22. En lugar de esperar indefinidamente el sem, el flujo de bloqueo ahora espera a que se asigne el índice o a que se agote el tiempo de espera de adquisición del sem antes de iniciar el temporizador para completar el FW. Ejemplo de registro del kernel: mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No se completó

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/8e715cd613a1e872b9d918e912d90b399785761a	Vuln. Introduced
https://git.kernel.org/stable/c/74dd45122b84479eee50bd0956ae8bc5799c9f8a	Vuln. Introduced
https://git.kernel.org/stable/c/e801f81cee3c8901f52ee48c6329802b28fbb49c	Vuln. Introduced
https://git.kernel.org/stable/c/d73d81447c6651904dd4a9e3fd88651ff174c1b7	Vuln. Introduced
https://git.kernel.org/stable/c/4646175c19fd019b773444a11ff62748eb83745b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6	2024-06-12
https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319	2024-06-12
https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918	2024-05-30
https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b	2024-05-30
https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7	2024-05-11

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-38556	2024-10-16
https://bugzilla.redhat.com/show_bug.cgi?id=2293443	2024-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.174 Search vendor "Linux" for product "Linux Kernel" and version "5.4.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.94 Search vendor "Linux" for product "Linux Kernel" and version "5.10.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.17 Search vendor "Linux" for product "Linux Kernel" and version "5.15.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.16.3 Search vendor "Linux" for product "Linux Kernel" and version "5.16.3"		en		Affected