CVE-2024-26595

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path<br /> <br /> When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after<br /> failing to attach the region to an ACL group, we hit a NULL pointer<br /> dereference upon &amp;#39;region-&gt;group-&gt;tcam&amp;#39; [1].<br /> <br /> Fix by retrieving the &amp;#39;tcam&amp;#39; pointer using mlxsw_sp_acl_to_tcam().<br /> <br /> [1]<br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> [...]<br /> RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0<br /> [...]<br /> Call Trace:<br /> mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20<br /> mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0<br /> mlxsw_sp_acl_rule_add+0x47/0x240<br /> mlxsw_sp_flower_replace+0x1a9/0x1d0<br /> tc_setup_cb_add+0xdc/0x1c0<br /> fl_hw_replace_filter+0x146/0x1f0<br /> fl_change+0xc17/0x1360<br /> tc_new_tfilter+0x472/0xb90<br /> rtnetlink_rcv_msg+0x313/0x3b0<br /> netlink_rcv_skb+0x58/0x100<br /> netlink_unicast+0x244/0x390<br /> netlink_sendmsg+0x1e4/0x440<br /> ____sys_sendmsg+0x164/0x260<br /> ___sys_sendmsg+0x9a/0xe0<br /> __sys_sendmsg+0x7a/0xc0<br /> do_syscall_64+0x40/0xe0<br /> entry_SYSCALL_64_after_hwframe+0x63/0x6b