CVE-2024-35854

CVE Details

Release Date: 2024-05-17

Description


In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

The rehash delayed work migrates filters from one region to another according to the number of available credits.

The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the result of a failed migration.

The destruction of a region that still has filters referencing it can result in a use-after-free [1].

Fix by not destroying the region if migration failed.

[1]
BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858

CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
Call Trace:
dump_stack_lvl+0xc6/0x120
print_report+0xce/0x670
kasan_report+0xd7/0x110
mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230
mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70
mlxsw_sp_acl_atcam_entry_del+0x81/0x210
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30

Allocated by task 174:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
__kmalloc+0x19c/0x360
mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0
mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30

Freed by task 7:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
poison_slab_object+0x102/0x170
__kasan_slab_free+0x14/0x30
kfree+0xc1/0x290
mlxsw_sp_acl_tcam_region_destroy+0x272/0x310
mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
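The logic error described above, as an added example that is not the mlxsw driver's code or part of the original advisory: a simplified C model in which "credits are non-negative" is mistaken for "migration complete", next to the corrected check. All type, function and parameter names are hypothetical, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the rehash flow described above. All names are
 * hypothetical; this is not the mlxsw driver's code. */
struct region { int nfilters; };

/* Move filters from 'from' to 'to', spending one credit per filter.
 * fail_at >= 0 makes the move of the filter with that index fail. */
static int migrate(struct region *from, struct region *to, int *credits, int fail_at)
{
    int moved = 0;

    while (from->nfilters > 0) {
        if (moved == fail_at)
            return -1;          /* failed migration: credits still >= 0 */
        if (--(*credits) < 0)
            return 0;           /* budget spent: resume on the next run */
        from->nfilters--;
        to->nfilters++;
        moved++;
    }
    return 0;
}

/* One run of the delayed work. Returns how many filters still reference
 * the 'from' region after it was destroyed (non-zero models the UAF). */
static int rehash_work(bool fixed, int nfilters, int credits, int fail_at,
                       bool *destroyed)
{
    struct region from = { nfilters }, to = { 0 };
    int err = migrate(&from, &to, &credits, fail_at);

    *destroyed = false;
    if (fixed && err)
        return 0;               /* fix: keep the region if migration failed */
    if (credits >= 0)           /* only proves completion when err == 0 */
        *destroyed = true;
    return *destroyed ? from.nfilters : 0;
}

int main(void)
{
    bool d;
    int n = rehash_work(false, 4, 10, 2, &d);   /* constructed inputs */
    printf("unfixed: destroyed=%d dangling=%d\n", d, n);
    n = rehash_work(true, 4, 10, 2, &d);
    printf("fixed:   destroyed=%d dangling=%d\n", d, n);
    return 0;
}
```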

See more information about CVE-2024-35854 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform                          Errata          Release Date
Oracle Linux version 8 (kernel)   ELSA-2024-4211  2024-07-02
Oracle Linux version 9 (kernel)   ELSA-2024-9315  2024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
