CVE-2024-36007

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2024
Last modified: 17/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix warning during rehash

As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters.

When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the migration from the next time the work is scheduled.

Upon error, the chunk marker is reset to NULL, but without resetting the entry markers despite being relative to it. This can result in migration being resumed from an entry that does not belong to the chunk being migrated. In turn, this will eventually lead to a chunk being iterated over as if it is an entry. Because of how the two structures happen to be defined, this does not lead to KASAN splats, but to warnings such as [1].

Fix by creating a helper that resets all the markers and call it from all the places that currently only reset the chunk marker. For good measures also call it when starting a completely new rehash. Add a warning to avoid future cases.

[1]
WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0
Modules linked in:
CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_afk_encode+0x242/0x2f0
[...]
Call Trace:
mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0
mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290
mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470
process_one_work+0x151/0x370
worker_thread+0x2cb/0x3e0
kthread+0xd0/0x100
ret_from_fork+0x34/0x50
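
The marker problem described above can be reproduced in a small user-space model. This is an added example, not code from the kernel or the mlxsw driver: every struct and function name is hypothetical, the scenario data is constructed, and the -1 return stands in for the mismatch that the description says a warning now guards against.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified user-space model; every name is hypothetical, not the driver's. */
struct entry { int id; };
struct chunk { struct entry *entries; size_t n; };
struct rehash_ctx {
    const struct chunk *cur_chunk;   /* chunk marker */
    const struct entry *start_entry; /* entry marker, valid only relative to cur_chunk */
};
/* Pre-fix error path: only the chunk marker is cleared. */
static void reset_chunk_only(struct rehash_ctx *ctx) { ctx->cur_chunk = NULL; }
/* Post-fix error path: one helper clears every marker together. */
static void reset_all_markers(struct rehash_ctx *ctx) { *ctx = (struct rehash_ctx){0}; }

/* Returns entries migrated, or -1 if the resume marker is not in the chunk. */
static int migrate(struct rehash_ctx *ctx, const struct chunk *ch, size_t n, int credits)
{
    int done = 0;
    for (size_t c = ctx->cur_chunk ? (size_t)(ctx->cur_chunk - ch) : 0; c < n; c++) {
        size_t i = 0;
        if (ctx->start_entry) {      /* resume: locate the marker in this chunk */
            while (i < ch[c].n && &ch[c].entries[i] != ctx->start_entry)
                i++;
            if (i == ch[c].n)
                return -1;           /* stale marker from another chunk */
            ctx->start_entry = NULL;
        }
        for (; i < ch[c].n; i++, done++) {
            if (credits-- == 0) {    /* out of credits: save both markers */
                ctx->cur_chunk = &ch[c];
                ctx->start_entry = &ch[c].entries[i];
                return done;
            }
        }
    }
    ctx->cur_chunk = NULL;
    return done;
}

/* Constructed scenario: stop inside chunk b, hit an error, restart from chunk a. */
static int rerun_after_error(bool fixed)
{
    struct entry a[3] = {{1}, {2}, {3}}, b[2] = {{4}, {5}};
    struct chunk chunks[2] = {{a, 3}, {b, 2}};
    struct rehash_ctx ctx = {NULL, NULL};
    migrate(&ctx, chunks, 2, 4);     /* markers now: chunk b, entry b[1] */
    if (fixed) reset_all_markers(&ctx); else reset_chunk_only(&ctx);
    return migrate(&ctx, chunks, 2, 10);
}
int main(void) { return rerun_after_error(false) == -1 && rerun_after_error(true) == 5 ? 0 : 1; }
```

With the chunk-only reset the second run starts at chunk a while still holding an entry marker from chunk b, so the model reports the mismatch; with the full reset all five entries migrate.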

Vulnerable products and versions

CPE                                                From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.1 (including)    5.4.275 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.5 (including)    5.10.216 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.11 (including)   5.15.158 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.16 (including)   6.1.90 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.2 (including)    6.6.30 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)    6.8.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*