CVE-2024-26586

CVE Details

Release Date: 2024-02-22

Description


In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix stack corruption

When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match is found.

One reason to place filters in different regions is when they are added with decreasing priorities and in an alternating order so that two consecutive filters can never fit in the same region because of their key usage.

In Spectrum-2 and newer ASICs the firmware started to report that the maximum number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups (PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the rare case where more than 16 ACLs in a group are required.

Fix by limiting the maximum ACL group size to the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register.

Add a test case to make sure the machine does not crash when this condition is hit.

[1]
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120
[...]
dump_stack_lvl+0x36/0x50
panic+0x305/0x330
__stack_chk_fail+0x15/0x20
mlxsw_sp_acl_tcam_group_update+0x116/0x120
mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110
mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20
mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240
mlxsw_sp_flower_replace+0x1a9/0x1d0
tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0
fl_change+0xc17/0x1360
tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0
netlink_rcv_skb+0x58/0x100
netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440
____sys_sendmsg+0x164/0x260
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
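The bounding described in the fix, sketched in C as an added example (not the mlxsw driver's code and not part of the advisory): the group limit is the minimum of the firmware-reported value and the 16 ACLs the register layout holds, and an attach to a full group is refused. All names are hypothetical and the firmware value of 20 is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names that model the description; not the mlxsw driver source. */
#define PAGT_ACL_SLOTS 16u /* ACL entries the register layout can hold */

struct pagt_payload { uint8_t size; uint16_t acl_id[PAGT_ACL_SLOTS]; };
struct acl_group { unsigned int max_acls, num_acls; uint16_t acl_ids[PAGT_ACL_SLOTS]; };

/* The fix: group size is the minimum of the firmware value and register capacity. */
static unsigned int acl_group_max(unsigned int fw_reported_max)
{
    return fw_reported_max < PAGT_ACL_SLOTS ? fw_reported_max : PAGT_ACL_SLOTS;
}

/* Attach one more region's ACL; a full group is refused with -1, not overrun. */
static int acl_group_attach(struct acl_group *g, uint16_t acl_id)
{
    if (g->num_acls >= g->max_acls)
        return -1;
    g->acl_ids[g->num_acls++] = acl_id;
    return 0;
}

/* Pack the on-stack register payload; the bound is rechecked at the write site. */
static int acl_group_update(const struct acl_group *g, struct pagt_payload *pl)
{
    if (g->num_acls > PAGT_ACL_SLOTS)
        return -1;
    memset(pl, 0, sizeof(*pl));
    pl->size = (uint8_t)g->num_acls;
    for (unsigned int i = 0; i < g->num_acls; i++)
        pl->acl_id[i] = g->acl_ids[i];
    return 0;
}

int main(void)
{
    /* Constructed input: firmware reports 20 ACLs per group, register holds 16. */
    struct acl_group g = { .max_acls = acl_group_max(20) };
    struct pagt_payload pl;
    int refused = 0;
    for (unsigned int i = 0; i < 20; i++)
        refused += acl_group_attach(&g, (uint16_t)(100 + i)) != 0;
    printf("attached=%u refused=%d\n", g.num_acls, refused);
    return acl_group_update(&g, &pl) ? 1 : 0;
}
```

Without the clamp in `acl_group_max`, the loop in `acl_group_update` would write entries 17 through 20 past the end of the on-stack payload, which is the condition the stack protector reports in the trace above.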

See more information about CVE-2024-26586 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 6.7
Base Metrics: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Access Vector: Local network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Errata information


Platform: Oracle Linux version 9 (kernel)
Errata: ELSA-2024-2394
Release Date: 2024-05-02



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
