Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26743

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2024
Last modified:
17/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/qedr: Fix qedr_create_user_qp error flow<br /> <br /> Avoid the following warning by making sure to free the allocated<br /> resources in case that qedr_init_user_queue() fail.<br /> <br /> -----------[ cut here ]-----------<br /> WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]<br /> Modules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3<br /> ghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]<br /> CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1<br /> Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022<br /> RIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]<br /> Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff<br /> RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286<br /> RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016<br /> RDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600<br /> RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000<br /> R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80<br /> R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000<br /> FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0<br /> Call Trace:<br /> <br /> ? show_trace_log_lvl+0x1c4/0x2df<br /> ? show_trace_log_lvl+0x1c4/0x2df<br /> ? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]<br /> ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]<br /> ? __warn+0x81/0x110<br /> ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]<br /> ? report_bug+0x10a/0x140<br /> ? handle_bug+0x3c/0x70<br /> ? exc_invalid_op+0x14/0x70<br /> ? asm_exc_invalid_op+0x16/0x20<br /> ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]<br /> ib_uverbs_close+0x1f/0xb0 [ib_uverbs]<br /> __fput+0x94/0x250<br /> task_work_run+0x5c/0x90<br /> do_exit+0x270/0x4a0<br /> do_group_exit+0x2d/0x90<br /> get_signal+0x87c/0x8c0<br /> arch_do_signal_or_restart+0x25/0x100<br /> ? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]<br /> exit_to_user_mode_loop+0x9c/0x130<br /> exit_to_user_mode_prepare+0xb6/0x100<br /> syscall_exit_to_user_mode+0x12/0x40<br /> do_syscall_64+0x69/0x90<br /> ? syscall_exit_work+0x103/0x130<br /> ? syscall_exit_to_user_mode+0x22/0x40<br /> ? do_syscall_64+0x69/0x90<br /> ? syscall_exit_work+0x103/0x130<br /> ? syscall_exit_to_user_mode+0x22/0x40<br /> ? do_syscall_64+0x69/0x90<br /> ? do_syscall_64+0x69/0x90<br /> ? common_interrupt+0x43/0xa0<br /> entry_SYSCALL_64_after_hwframe+0x72/0xdc<br /> RIP: 0033:0x1470abe3ec6b<br /> Code: Unable to access opcode bytes at RIP 0x1470abe3ec41.<br /> RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b<br /> RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004<br /> RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00<br /> R10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358<br /> R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470<br /> <br /> --[ end trace 888a9b92e04c5c97 ]--

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.11 (including) 5.10.211 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.150 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.80 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools