cve-2024-36007
Vulnerability from cvelistv5
Published
2024-05-20 09:48
Modified
2024-11-06 15:10
Summary
mlxsw: spectrum_acl_tcam: Fix warning during rehash
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Impacted products
Vendor Product Version
Linux Linux Version: 5.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:47:44.179419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T15:10:37.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:11.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0b8863185502",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "1d76bd2a0034",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "039992b6d2df",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "751d35285810",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "e890456051fe",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "17e9e0bbae65",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            },
            {
              "lessThan": "743edc8547a9",
              "status": "affected",
              "version": "6f9579d4e302",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\n\nAs previously explained, the rehash delayed work migrates filters from\none region to another. This is done by iterating over all chunks (all\nthe filters with the same priority) in the region and in each chunk\niterating over all the filters.\n\nWhen the work runs out of credits it stores the current chunk and entry\nas markers in the per-work context so that it would know where to resume\nthe migration from the next time the work is scheduled.\n\nUpon error, the chunk marker is reset to NULL, but without resetting the\nentry markers despite being relative to it. This can result in migration\nbeing resumed from an entry that does not belong to the chunk being\nmigrated. In turn, this will eventually lead to a chunk being iterated\nover as if it is an entry. Because of how the two structures happen to\nbe defined, this does not lead to KASAN splats, but to warnings such as\n[1].\n\nFix by creating a helper that resets all the markers and call it from\nall the places the currently only reset the chunk marker. For good\nmeasures also call it when starting a completely new rehash. Add a\nwarning to avoid future cases.\n\n[1]\nWARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0\nModules linked in:\nCPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G        W          6.9.0-rc3-custom-00880-g29e61d91b77b #29\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_afk_encode+0x242/0x2f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:26:40.282Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
        },
        {
          "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
        },
        {
          "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
        },
        {
          "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
        },
        {
          "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
        },
        {
          "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix warning during rehash",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36007",
    "datePublished": "2024-05-20T09:48:06.947Z",
    "dateReserved": "2024-05-17T13:50:33.151Z",
    "dateUpdated": "2024-11-06T15:10:37.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36007\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-20T10:15:14.637\",\"lastModified\":\"2024-11-21T09:21:25.123\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\\n\\nAs previously explained, the rehash delayed work migrates filters from\\none region to another. This is done by iterating over all chunks (all\\nthe filters with the same priority) in the region and in each chunk\\niterating over all the filters.\\n\\nWhen the work runs out of credits it stores the current chunk and entry\\nas markers in the per-work context so that it would know where to resume\\nthe migration from the next time the work is scheduled.\\n\\nUpon error, the chunk marker is reset to NULL, but without resetting the\\nentry markers despite being relative to it. This can result in migration\\nbeing resumed from an entry that does not belong to the chunk being\\nmigrated. In turn, this will eventually lead to a chunk being iterated\\nover as if it is an entry. Because of how the two structures happen to\\nbe defined, this does not lead to KASAN splats, but to warnings such as\\n[1].\\n\\nFix by creating a helper that resets all the markers and call it from\\nall the places the currently only reset the chunk marker. For good\\nmeasures also call it when starting a completely new rehash. Add a\\nwarning to avoid future cases.\\n\\n[1]\\nWARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0\\nModules linked in:\\nCPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G        W          6.9.0-rc3-custom-00880-g29e61d91b77b #29\\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\\nRIP: 0010:mlxsw_afk_encode+0x242/0x2f0\\n[...]\\nCall Trace:\\n \u003cTASK\u003e\\n mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0\\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290\\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470\\n process_one_work+0x151/0x370\\n worker_thread+0x2cb/0x3e0\\n kthread+0xd0/0x100\\n ret_from_fork+0x34/0x50\\n \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: espectro_acl_tcam: Advertencia de correcci\u00f3n durante el rehash Como se explic\u00f3 anteriormente, el trabajo retrasado del rehash migra filtros de una regi\u00f3n a otra. Esto se hace iterando sobre todos los fragmentos (todos los filtros con la misma prioridad) en la regi\u00f3n y en cada fragmento iterando sobre todos los filtros. Cuando el trabajo se queda sin cr\u00e9ditos, almacena el fragmento y la entrada actuales como marcadores en el contexto por trabajo para saber d\u00f3nde reanudar la migraci\u00f3n la pr\u00f3xima vez que se programe el trabajo. En caso de error, el marcador de fragmento se restablece a NULL, pero sin restablecer los marcadores de entrada a pesar de ser relativos a \u00e9l. Esto puede provocar que la migraci\u00f3n se reanude desde una entrada que no pertenece al fragmento que se est\u00e1 migrando. A su vez, esto eventualmente conducir\u00e1 a que se repita un fragmento como si fuera una entrada. Debido a c\u00f3mo se definen las dos estructuras, esto no genera s\u00edmbolos KASAN, sino advertencias como [1]. Para solucionarlo, cree un asistente que restablezca todos los marcadores y ll\u00e1melo desde todos los lugares donde actualmente solo restablece el marcador de fragmentos. Por si acaso, ll\u00e1melo tambi\u00e9n al iniciar un rehash completamente nuevo. Agregue una advertencia para evitar casos futuros. [1] ADVERTENCIA: CPU: 7 PID: 1076 en drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0 M\u00f3dulos vinculados en: CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted : GW 6.9.0-rc3-custom-00880-g29e61d91b77b #29 Nombre del hardware: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP 0010:mlxsw_af k_encode+0x242/0x2f0 [... ] Seguimiento de llamadas:  mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6 c/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.