CVE-2024-50145
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
build_skb() returns NULL in case of a memory allocation failure so handle
it inside __octep_oq_process_rx() to avoid NULL pointer dereference.
__octep_oq_process_rx() is called during NAPI polling by the driver. If
skb allocation fails, keep on pulling packets out of the Rx DMA queue: we
shouldn't break the polling immediately and thus falsely indicate to the
octep_napi_poll() that the Rx pressure is going down. As there is no
associated skb in this case, don't process the packets and don't push them
up the network stack - they are skipped.
Helper function is implemented to unmmap/flush all the fragment buffers
used by the dropped packet. 'alloc_failures' counter is incremented to
mark the skb allocation error in driver statistics.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeon_ep: Agregar manejo de fallas de asignación de SKB en __octep_oq_process_rx() build_skb() devuelve NULL en caso de una falla de asignación de memoria, por lo que se maneja dentro de __octep_oq_process_rx() para evitar la desreferencia del puntero NULL. __octep_oq_process_rx() es llamado durante el sondeo NAPI por el controlador. Si la asignación de skb falla, sigue extrayendo paquetes de la cola DMA de Rx: no deberíamos interrumpir el sondeo inmediatamente y, por lo tanto, indicar falsamente a octep_napi_poll() que la presión de Rx está disminuyendo. Como no hay un skb asociado en este caso, no procesa los paquetes y no los empuja hacia arriba en la pila de red: se omiten. Se implementa una función auxiliar para desmapear/vaciar todos los buferes de fragmentos utilizados por el paquete descartado. El contador 'alloc_failures' se incrementa para marcar el error de asignación de skb en las estadísticas del controlador. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-10-21 CVE Reserved
- 2024-11-07 CVE Published
- 2024-11-07 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/37d79d0596062057f588bdbb2ebad5455a43d353 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.115" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.59" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.11.6" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.12-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.12-rc5" | en |
Affected
|