CVE-2024-50145

octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle
it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If
skb allocation fails, keep on pulling packets out of the Rx DMA queue: we
shouldn't break the polling immediately and thus falsely indicate to the
octep_napi_poll() that the Rx pressure is going down. As there is no
associated skb in this case, don't process the packets and don't push them
up the network stack - they are skipped. Helper function is implemented to unmmap/flush all the fragment buffers
used by the dropped packet. 'alloc_failures' counter is incremented to
mark the skb allocation error in driver statistics. Found by Linux Verification Center (linuxtesting.org) with SVACE.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeon_ep: Agregar manejo de fallas de asignación de SKB en __octep_oq_process_rx() build_skb() devuelve NULL en caso de una falla de asignación de memoria, por lo que se maneja dentro de __octep_oq_process_rx() para evitar la desreferencia del puntero NULL. __octep_oq_process_rx() es llamado durante el sondeo NAPI por el controlador. Si la asignación de skb falla, sigue extrayendo paquetes de la cola DMA de Rx: no deberíamos interrumpir el sondeo inmediatamente y, por lo tanto, indicar falsamente a octep_napi_poll() que la presión de Rx está disminuyendo. Como no hay un skb asociado en este caso, no procesa los paquetes y no los empuja hacia arriba en la pila de red: se omiten. Se implementa una función auxiliar para desmapear/vaciar todos los buferes de fragmentos utilizados por el paquete descartado. El contador 'alloc_failures' se incrementa para marcar el error de asignación de skb en las estadísticas del controlador. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE.

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If skb allocation fails, keep on pulling packets out of the Rx DMA queue: we shouldn't break the polling immediately and thus falsely indicate to the octep_napi_poll() that the Rx pressure is going down. As there is no associated skb in this case, don't process the packets and don't push them up the network stack - they are skipped. Helper function is implemented to unmmap/flush all the fragment buffers used by the dropped packet. 'alloc_failures' counter is incremented to mark the skb allocation error in driver statistics. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-07 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/37d79d0596062057f588bdbb2ebad5455a43d353	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/09ce491112bbf0b866e2638d3e961c1c73d1f00b	2024-11-01
https://git.kernel.org/stable/c/c2d2dc4f88bb3cfc4f3cc320fd3ff51b0ae5b0ea	2024-11-01
https://git.kernel.org/stable/c/2dedcb6f99f4c1a11944e7cc35dbeb9b18a5cbac	2024-11-01
https://git.kernel.org/stable/c/eb592008f79be52ccef88cd9a5249b3fc0367278	2024-10-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.12"		en		Affected