CVE-2024-42110

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/07/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()

The following is emitted when using idxd (DSA) dmaengine as the data mover for ntb_transport that ntb_netdev uses.

[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526
[74412.556784] caller is netif_rx_internal+0x42/0x130
[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5
[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024
[74412.581699] Call Trace:
[74412.584514]
[74412.586933] dump_stack_lvl+0x55/0x70
[74412.591129] check_preemption_disabled+0xc8/0xf0
[74412.596374] netif_rx_internal+0x42/0x130
[74412.600957] __netif_rx+0x20/0xd0
[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]
[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]
[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]
[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]
[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]
[74412.634046] irq_thread_fn+0x21/0x60
[74412.638134] ? irq_thread+0xa8/0x290
[74412.642218] irq_thread+0x1a0/0x290
[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10
[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10
[74412.656117] ? __pfx_irq_thread+0x10/0x10
[74412.660686] kthread+0x100/0x130
[74412.664384] ? __pfx_kthread+0x10/0x10
[74412.668639] ret_from_fork+0x31/0x50
[74412.672716] ? __pfx_kthread+0x10/0x10
[74412.676978] ret_from_fork_asm+0x1a/0x30
[74412.681457]

The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling.

While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context().

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.9 (including) 6.1.98 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.39 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.9.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
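
The table above can be turned into a quick triage check for a fleet inventory. The following is an added example, not part of the advisory or the kernel project: it compares a `uname -r` style release string against the listed upstream ranges. It assumes upstream version numbering only, so a match on a distribution kernel means "check the vendor's advisory for a backport", not "confirmed vulnerable"; the function names are hypothetical.

```python
import re

# Upstream ranges from the table above: from (inclusive) .. up to (exclusive).
AFFECTED_RANGES = [
    ((3, 9, 0), (6, 1, 98)),
    ((6, 2, 0), (6, 6, 39)),
    ((6, 7, 0), (6, 9, 9)),
]
# Release candidates the table lists individually: 6.10-rc1 .. 6.10-rc6.
AFFECTED_RCS = {((6, 10, 0), n) for n in range(1, 7)}

# Matches "6.6.38-generic", "6.10.0-rc3", "3.9" and similar strings.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a release string into ((major, minor, patch), rc_number or None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_affected_range(release):
    """True if the upstream version falls in a range listed for CVE-2024-42110."""
    version, rc = parse_release(release)
    if rc is None:
        return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)
    if (version, rc) in AFFECTED_RCS:
        return True
    # An -rc build sorts just before its final release, so shift both bounds.
    return any(lo < version <= hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real system.
    for rel in ["6.6.38-generic", "6.6.39", "6.9.5", "6.10.0-rc3", "6.10.0"]:
        state = "in listed range" if in_affected_range(rel) else "not listed"
        print(f"{rel:16} {state}")
```

A host only exercises the affected path if the `ntb_netdev` module named in the call trace is in use, so pair a version match with a check for that module before prioritising the update.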