cve-2024-50190
Vulnerability from cvelistv5
Published
2024-11-08 05:43
Modified
2024-12-19 09:35
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix memleak in ice_init_tx_topology()
Fix leak of the FW blob (DDP pkg).
Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid
copying whole FW blob. Copy just the topology section, and only when
needed. Reuse the buffer allocated for the read of the current topology.
This was found by kmemleak, with the following trace for each PF:
[<ffffffff8761044d>] kmemdup_noprof+0x1d/0x50
[<ffffffffc0a0a480>] ice_init_ddp_config+0x100/0x220 [ice]
[<ffffffffc0a0da7f>] ice_init_dev+0x6f/0x200 [ice]
[<ffffffffc0a0dc49>] ice_init+0x29/0x560 [ice]
[<ffffffffc0a10c1d>] ice_probe+0x21d/0x310 [ice]
Constify ice_cfg_tx_topo() @buf parameter.
This cascades further down to few more functions.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_ddp.c", "drivers/net/ethernet/intel/ice/ice_ddp.h", "drivers/net/ethernet/intel/ice/ice_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "43544b4e30732c3d88f423252281915d5bc739b6", "status": "affected", "version": "cc5776fe183208115e42c044497e193e4671a2b9", "versionType": "git" }, { "lessThan": "c188afdc36113760873ec78cbc036f6b05f77621", "status": "affected", "version": "cc5776fe183208115e42c044497e193e4671a2b9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_ddp.c", "drivers/net/ethernet/intel/ice/ice_ddp.h", "drivers/net/ethernet/intel/ice/ice_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.10" }, { "lessThan": "6.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memleak in ice_init_tx_topology()\n\nFix leak of the FW blob (DDP pkg).\n\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\ncopying whole FW blob. Copy just the topology section, and only when\nneeded. Reuse the buffer allocated for the read of the current topology.\n\nThis was found by kmemleak, with the following trace for each PF:\n [\u003cffffffff8761044d\u003e] kmemdup_noprof+0x1d/0x50\n [\u003cffffffffc0a0a480\u003e] ice_init_ddp_config+0x100/0x220 [ice]\n [\u003cffffffffc0a0da7f\u003e] ice_init_dev+0x6f/0x200 [ice]\n [\u003cffffffffc0a0dc49\u003e] ice_init+0x29/0x560 [ice]\n [\u003cffffffffc0a10c1d\u003e] ice_probe+0x21d/0x310 [ice]\n\nConstify ice_cfg_tx_topo() @buf parameter.\nThis cascades further down to few more functions." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:35:07.487Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6" }, { "url": "https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621" } ], "title": "ice: fix memleak in ice_init_tx_topology()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50190", "datePublished": "2024-11-08T05:43:46.911Z", "dateReserved": "2024-10-21T19:36:19.967Z", "dateUpdated": "2024-12-19T09:35:07.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50190\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-08T06:15:15.957\",\"lastModified\":\"2024-12-11T15:35:15.513\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nice: fix memleak in ice_init_tx_topology()\\n\\nFix leak of the FW blob (DDP pkg).\\n\\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\\ncopying whole FW blob. Copy just the topology section, and only when\\nneeded. Reuse the buffer allocated for the read of the current topology.\\n\\nThis was found by kmemleak, with the following trace for each PF:\\n [\u003cffffffff8761044d\u003e] kmemdup_noprof+0x1d/0x50\\n [\u003cffffffffc0a0a480\u003e] ice_init_ddp_config+0x100/0x220 [ice]\\n [\u003cffffffffc0a0da7f\u003e] ice_init_dev+0x6f/0x200 [ice]\\n [\u003cffffffffc0a0dc49\u003e] ice_init+0x29/0x560 [ice]\\n [\u003cffffffffc0a10c1d\u003e] ice_probe+0x21d/0x310 [ice]\\n\\nConstify ice_cfg_tx_topo() @buf parameter.\\nThis cascades further down to few more functions.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: se corrige la p\u00e9rdida de memoria en ice_init_tx_topology() Se corrige la p\u00e9rdida del blob de FW (paquete DDP). Se hace que ice_cfg_tx_topo() sea constante y correcto, de modo que ice_init_tx_topology() pueda evitar copiar todo el blob de FW. Se copia solo la secci\u00f3n de topolog\u00eda y solo cuando es necesario. Se reutiliza el b\u00fafer asignado para la lectura de la topolog\u00eda actual. Esto fue encontrado por kmemleak, con el siguiente rastro para cada PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice] Par\u00e1metros de conversi\u00f3n de ice_cfg_tx_topo() @buf. Esto se aplica en cascada a algunas funciones m\u00e1s.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.11.4\",\"matchCriteriaId\":\"2ADD5DBE-B520-479C-9FCD-6C8FA848E789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.