Release Date: | 2024-11-09 |
In the Linux kernel, the following vulnerability has been resolved:

cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port/bus device had been registered. That led to cxl_test crashing with a use-after-free bug with the following signature:

    cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem0:decoder7.0 @ 0 next: cxl_switch_uport.0 nr_eps: 1 nr_targets: 1
    cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem4:decoder14.0 @ 1 next: cxl_switch_uport.0 nr_eps: 2 nr_targets: 1
    cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[0] = cxl_switch_dport.0 for mem0:decoder7.0 @ 0
 1) cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[1] = cxl_switch_dport.4 for mem4:decoder14.0 @ 1
    [..]
    cxld_unregister: cxl decoder14.0:
    cxl_region_decode_reset: cxl_region region3:
    mock_decoder_reset: cxl_port port3: decoder3.0 reset
 2) mock_decoder_reset: cxl_port port3: decoder3.0: out of order reset, expected decoder3.1
    cxl_endpoint_decoder_release: cxl decoder14.0:
    [..]
    cxld_unregister: cxl decoder7.0:
 3) cxl_region_decode_reset: cxl_region region3:
    Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bc3: 0000 [#1] PREEMPT SMP PTI
    [..]
    RIP: 0010:to_cxl_port+0x8/0x60 [cxl_core]
    [..]
    Call Trace:
See more information about CVE-2024-50226 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 |
Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Version: | 3.1 |
Attack Vector: | Local |
Attack Complexity: | Low |
Privileges Required: | Low |
User Interaction: | None |
Scope: | Unchanged |
Confidentiality: | None |
Integrity: | None |
Availability: | High |
Platform | Errata | Release Date |
Oracle Linux version 9 (kernel) | ELSA-2024-10274 | 2024-11-26 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: