CVE-2024-36281

CVE Details

Release Date:2024-06-21

Description


In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules\nrx_create no longer allocates a modify_hdr instance that needs to be\ncleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer\ndereference. A leak in the rules also previously occurred since there are\nnow two rules populated related to status.\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 109907067 P4D 109907067 PUD 116890067 PMD 0\nOops: 0000 [#1] SMP\nCPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nRIP: 0010:mlx5_modify_header_dealloc+0xd/0x70\n\nCall Trace:\n\n? show_regs+0x60/0x70\n? __die+0x24/0x70\n? page_fault_oops+0x15f/0x430\n? free_to_partial_list.constprop.0+0x79/0x150\n? do_user_addr_fault+0x2c9/0x5c0\n? exc_page_fault+0x63/0x110\n? asm_exc_page_fault+0x27/0x30\n? mlx5_modify_header_dealloc+0xd/0x70\nrx_create+0x374/0x590\nrx_add_rule+0x3ad/0x500\n? rx_add_rule+0x3ad/0x500\n? mlx5_cmd_exec+0x2c/0x40\n? mlx5_create_ipsec_obj+0xd6/0x200\nmlx5e_accel_ipsec_fs_add_rule+0x31/0xf0\nmlx5e_xfrm_add_state+0x426/0xc00\n

See more information about CVE-2024-36281 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: High User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (kernel-uek)ELSA-2024-126822024-09-23
Oracle Linux version 9 (kernel-uek)ELSA-2024-126822024-09-23


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete