CVE-2024-38555 (GCVE-0-2024-38555)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-05-04 12:56
VLAI?
Title
net/mlx5: Discard command completions in internal error
Summary
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Call Trace: <IRQ> ? __warn+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0 ? report_bug+0x17c/0x190 ? handle_bug+0x3c/0x60 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 atomic_notifier_call_chain+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35/0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0xa0 common_interrupt+0x7b/0xa0 </IRQ> <TASK> asm_common_interrupt+0x22/0x40
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 27c79b3a9212cf4ba634c157e07d29548181a208 , < f6fbb8535e990f844371086ab2c1221f71f993d3 (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < 3cb92b0ad73d3f1734e812054e698d655e9581b0 (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < bf8aaf0ae01c27ae3c06aa8610caf91e50393396 (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < 1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < 1d5dce5e92a70274de67a59e1e674c3267f94cd7 (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < 7ac4c69c34240c6de820492c0a28a0bd1494265a (git)
Affected: 51d138c2610a236c1ed0059d034ee4c74f452b86 , < db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 (git)
Affected: 2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca (git)
Create a notification for this product.
    Linux Linux Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:14:41.121534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:56.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f6fbb8535e990f844371086ab2c1221f71f993d3",
              "status": "affected",
              "version": "27c79b3a9212cf4ba634c157e07d29548181a208",
              "versionType": "git"
            },
            {
              "lessThan": "3cb92b0ad73d3f1734e812054e698d655e9581b0",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "lessThan": "bf8aaf0ae01c27ae3c06aa8610caf91e50393396",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "lessThan": "1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "lessThan": "1d5dce5e92a70274de67a59e1e674c3267f94cd7",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "lessThan": "7ac4c69c34240c6de820492c0a28a0bd1494265a",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "lessThan": "db9b31aa9bc56ff0d15b78f7e827d61c4a096e40",
              "status": "affected",
              "version": "51d138c2610a236c1ed0059d034ee4c74f452b86",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n\u003cIRQ\u003e\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_common_interrupt+0x22/0x40"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:44.500Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"
        },
        {
          "url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"
        },
        {
          "url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"
        }
      ],
      "title": "net/mlx5: Discard command completions in internal error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38555",
    "datePublished": "2024-06-19T13:35:26.059Z",
    "dateReserved": "2024-06-18T19:36:34.920Z",
    "dateUpdated": "2025-05-04T12:56:44.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.10.20\", \"versionEndExcluding\": \"5.10.219\", \"matchCriteriaId\": \"12848580-6A3F-4069-9B0A-78AAA5E79BE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12\", \"versionEndExcluding\": \"5.15.161\", \"matchCriteriaId\": \"A5A5A54E-7208-43CC-811F-57A4B7A4488D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.93\", \"matchCriteriaId\": \"EEFB78EE-F990-4197-BF1C-156760A55667\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.33\", \"matchCriteriaId\": \"FCE796DF-3B50-4DC6-BAE5-95271068FC9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.8.12\", \"matchCriteriaId\": \"80550309-67AB-4FD1-AC07-3DED5C4F01B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.3\", \"matchCriteriaId\": \"E07124C1-19E8-4D21-828D-9932A01D3011\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: Discard command completions in internal error\\n\\nFix use after free when FW completion arrives while device is in\\ninternal error state. Avoid calling completion handler in this case,\\nsince the device will flush the command interface and trigger all\\ncompletions manually.\\n\\nKernel log:\\n------------[ cut here ]------------\\nrefcount_t: underflow; use-after-free.\\n...\\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\\n...\\nCall Trace:\\n\u003cIRQ\u003e\\n? __warn+0x79/0x120\\n? refcount_warn_saturate+0xd8/0xe0\\n? report_bug+0x17c/0x190\\n? handle_bug+0x3c/0x60\\n? exc_invalid_op+0x14/0x70\\n? asm_exc_invalid_op+0x16/0x20\\n? refcount_warn_saturate+0xd8/0xe0\\ncmd_ent_put+0x13b/0x160 [mlx5_core]\\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nirq_int_handler+0x19/0x30 [mlx5_core]\\n__handle_irq_event_percpu+0x4b/0x160\\nhandle_irq_event+0x2e/0x80\\nhandle_edge_irq+0x98/0x230\\n__common_interrupt+0x3b/0xa0\\ncommon_interrupt+0x7b/0xa0\\n\u003c/IRQ\u003e\\n\u003cTASK\u003e\\nasm_common_interrupt+0x22/0x40\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: descartar la finalizaci\\u00f3n de comandos en caso de error interno. Se corrige el use-after-free cuando llega la finalizaci\\u00f3n del FW mientras el dispositivo est\\u00e1 en estado de error interno. Evite llamar al controlador de finalizaci\\u00f3n en este caso, ya que el dispositivo limpiar\\u00e1 la interfaz de comando y activar\\u00e1 todas las finalizaciones manualmente. Registro del kernel: ------------[ cortar aqu\\u00ed ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Seguimiento de llamadas: ? __advertir+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0? report_bug+0x17c/0x190? handle_bug+0x3c/0x60? exc_invalid_op+0x14/0x70? asm_exc_invalid_op+0x16/0x20? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 cadena+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35 /0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0 xa0 interrupci\\u00f3n_com\\u00fan+0x7b/0xa0   asm_interrupci\\u00f3n_com\\u00fan+0x22 /0x40\"}]",
      "id": "CVE-2024-38555",
      "lastModified": "2024-11-21T09:26:20.137",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-06-19T14:15:15.720",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-38555\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-19T14:15:15.720\",\"lastModified\":\"2024-11-21T09:26:20.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: Discard command completions in internal error\\n\\nFix use after free when FW completion arrives while device is in\\ninternal error state. Avoid calling completion handler in this case,\\nsince the device will flush the command interface and trigger all\\ncompletions manually.\\n\\nKernel log:\\n------------[ cut here ]------------\\nrefcount_t: underflow; use-after-free.\\n...\\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\\n...\\nCall Trace:\\n\u003cIRQ\u003e\\n? __warn+0x79/0x120\\n? refcount_warn_saturate+0xd8/0xe0\\n? report_bug+0x17c/0x190\\n? handle_bug+0x3c/0x60\\n? exc_invalid_op+0x14/0x70\\n? asm_exc_invalid_op+0x16/0x20\\n? refcount_warn_saturate+0xd8/0xe0\\ncmd_ent_put+0x13b/0x160 [mlx5_core]\\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nirq_int_handler+0x19/0x30 [mlx5_core]\\n__handle_irq_event_percpu+0x4b/0x160\\nhandle_irq_event+0x2e/0x80\\nhandle_edge_irq+0x98/0x230\\n__common_interrupt+0x3b/0xa0\\ncommon_interrupt+0x7b/0xa0\\n\u003c/IRQ\u003e\\n\u003cTASK\u003e\\nasm_common_interrupt+0x22/0x40\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: descartar la finalizaci\u00f3n de comandos en caso de error interno. Se corrige el use-after-free cuando llega la finalizaci\u00f3n del FW mientras el dispositivo est\u00e1 en estado de error interno. Evite llamar al controlador de finalizaci\u00f3n en este caso, ya que el dispositivo limpiar\u00e1 la interfaz de comando y activar\u00e1 todas las finalizaciones manualmente. Registro del kernel: ------------[ cortar aqu\u00ed ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Seguimiento de llamadas: ? __advertir+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0? report_bug+0x17c/0x190? handle_bug+0x3c/0x60? exc_invalid_op+0x14/0x70? asm_exc_invalid_op+0x16/0x20? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 cadena+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35 /0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0 xa0 interrupci\u00f3n_com\u00fan+0x7b/0xa0   asm_interrupci\u00f3n_com\u00fan+0x22 /0x40\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.20\",\"versionEndExcluding\":\"5.10.219\",\"matchCriteriaId\":\"12848580-6A3F-4069-9B0A-78AAA5E79BE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.15.161\",\"matchCriteriaId\":\"A5A5A54E-7208-43CC-811F-57A4B7A4488D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.93\",\"matchCriteriaId\":\"EEFB78EE-F990-4197-BF1C-156760A55667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.33\",\"matchCriteriaId\":\"FCE796DF-3B50-4DC6-BAE5-95271068FC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.12\",\"matchCriteriaId\":\"80550309-67AB-4FD1-AC07-3DED5C4F01B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.3\",\"matchCriteriaId\":\"E07124C1-19E8-4D21-828D-9932A01D3011\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:12:25.241Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38555\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:14:41.121534Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:27.084Z\"}}], \"cna\": {\"title\": \"net/mlx5: Discard command completions in internal error\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"27c79b3a9212\", \"lessThan\": \"f6fbb8535e99\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"3cb92b0ad73d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"bf8aaf0ae01c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"1337ec94bc5a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"1d5dce5e92a7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"7ac4c69c3424\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"51d138c2610a\", \"lessThan\": \"db9b31aa9bc5\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/cmd.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.219\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.161\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.93\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.33\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/cmd.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3\"}, {\"url\": \"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0\"}, {\"url\": \"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396\"}, {\"url\": \"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb\"}, {\"url\": \"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7\"}, {\"url\": \"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a\"}, {\"url\": \"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40\"}], \"x_generator\": {\"engine\": \"bippy-9e1c9544281a\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: Discard command completions in internal error\\n\\nFix use after free when FW completion arrives while device is in\\ninternal error state. Avoid calling completion handler in this case,\\nsince the device will flush the command interface and trigger all\\ncompletions manually.\\n\\nKernel log:\\n------------[ cut here ]------------\\nrefcount_t: underflow; use-after-free.\\n...\\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\\n...\\nCall Trace:\\n\u003cIRQ\u003e\\n? __warn+0x79/0x120\\n? refcount_warn_saturate+0xd8/0xe0\\n? report_bug+0x17c/0x190\\n? handle_bug+0x3c/0x60\\n? exc_invalid_op+0x14/0x70\\n? asm_exc_invalid_op+0x16/0x20\\n? refcount_warn_saturate+0xd8/0xe0\\ncmd_ent_put+0x13b/0x160 [mlx5_core]\\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\\nnotifier_call_chain+0x35/0xb0\\natomic_notifier_call_chain+0x16/0x20\\nirq_int_handler+0x19/0x30 [mlx5_core]\\n__handle_irq_event_percpu+0x4b/0x160\\nhandle_irq_event+0x2e/0x80\\nhandle_edge_irq+0x98/0x230\\n__common_interrupt+0x3b/0xa0\\ncommon_interrupt+0x7b/0xa0\\n\u003c/IRQ\u003e\\n\u003cTASK\u003e\\nasm_common_interrupt+0x22/0x40\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-05T09:29:47.809Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-38555\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-05T09:29:47.809Z\", \"dateReserved\": \"2024-06-18T19:36:34.920Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-06-19T13:35:26.059Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}