CVE-2024-35855

ULN >
Oracle Linux CVE repository >
CVE-2024-35855

CVE Details

Release Date:	2024-05-17
Impact:	Moderate	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved:\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update\nThe rule activity update delayed work periodically traverses the list of\nconfigured rules and queries their activity from the device.\nAs part of this task it accesses the entry pointed by 'ventry->entry',\nbut this entry can be changed concurrently by the rehash delayed work,\nleading to a use-after-free [1].\nFix by closing the race and perform the activity query under the\n'vregion->lock' mutex.\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nRead of size 8 at addr ffff8881054ed808 by task kworker/0:18/181\nCPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work\nCall Trace:\n\ndump_stack_lvl+0xc6/0x120\nprint_report+0xce/0x670\nkasan_report+0xd7/0x110\nmlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nmlxsw_sp_acl_rule_activity_update_work+0x219/0x400\nprocess_one_work+0x8eb/0x19b0\nworker_thread+0x6c9/0xf70\nkthread+0x2c9/0x3b0\nret_from_fork+0x4d/0x80\nret_from_fork_asm+0x1a/0x30\n\nAllocated by task 1039:\nkasan_save_stack+0x33/0x60\nkasan_save_track+0x14/0x30\n__kasan_kmalloc+0x8f/0xa0\n__kmalloc+0x19c/0x360\nmlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0\nmlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50\nmlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\nprocess_one_work+0x8eb/0x19b0\nworker_thread+0x6c9/0xf70\nkthread+0x2c9/0x3b0\nret_from_fork+0x4d/0x80\nret_from_fork_asm+0x1a/0x30\nFreed by task 1039:\nkasan_save_stack+0x33/0x60\nkasan_save_track+0x14/0x30\nkasan_save_free_info+0x3b/0x60\npoison_slab_object+0x102/0x170\n__kasan_slab_free+0x14/0x30\nkfree+0xc1/0x290\nmlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50\nmlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\nprocess_one_work+0x8eb/0x19b0\nworker_thread+0x6c9/0xf70\nkthread+0x2c9/0x3b0\nret_from_fork+0x4d/0x80\nret_from_fork_asm+0x1a/0x30

See more information about CVE-2024-35855 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel)	ELSA-2024-4211	2024-07-02
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691