medium
5.5
CWE
476
EPSS
0.044%
Advisory Published
Updated

CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump

First published: Thu Feb 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL> - continuously dump SMC-D connections in parallel: watch -n 1 'smcss -D' BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x66/0x150 ? exc_page_fault+0x69/0x140 ? asm_exc_page_fault+0x26/0x30 ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] ? __kmalloc_node_track_caller+0x35d/0x430 ? __alloc_skb+0x77/0x170 smc_diag_dump_proto+0xd0/0xf0 [smc_diag] smc_diag_dump+0x26/0x60 [smc_diag] netlink_dump+0x19f/0x320 __netlink_dump_start+0x1dc/0x300 smc_diag_handler_dump+0x6a/0x80 [smc_diag] ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag] sock_diag_rcv_msg+0x121/0x140 ? __pfx_sock_diag_rcv_msg+0x10/0x10 netlink_rcv_skb+0x5a/0x110 sock_diag_rcv+0x28/0x40 netlink_unicast+0x22a/0x330 netlink_sendmsg+0x1f8/0x420 __sock_sendmsg+0xb0/0xc0 ____sys_sendmsg+0x24e/0x300 ? copy_msghdr_from_user+0x62/0x80 ___sys_sendmsg+0x7c/0xd0 ? __do_fault+0x34/0x160 ? do_read_fault+0x5f/0x100 ? do_fault+0xb0/0x110 ? __handle_mm_fault+0x2b0/0x6c0 __sys_sendmsg+0x4d/0x80 do_syscall_64+0x69/0x180 entry_SYSCALL_64_after_hwframe+0x6e/0x76 It is possible that the connection is in process of being established when we dump it. Assumed that the connection has been registered in a link group by smc_conn_create() but the rmb_desc has not yet been initialized by smc_buf_create(), thus causing the illegal access to conn->rmb_desc. So fix it by checking before dump.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<4.19.307
4.19.307
redhat/kernel<5.4.269
5.4.269
redhat/kernel<5.10.210
5.10.210
redhat/kernel<5.15.149
5.15.149
redhat/kernel<6.1.76
6.1.76
redhat/kernel<6.6.15
6.6.15
redhat/kernel<6.7.3
6.7.3
redhat/kernel<6.8
6.8
Linux Kernel>=4.19<4.19.307
Linux Kernel>=4.20<5.4.269
Linux Kernel>=5.5<5.10.210
Linux Kernel>=5.11<5.15.149
Linux Kernel>=5.16<6.1.76
Linux Kernel>=6.2<6.6.15
Linux Kernel>=6.7<6.7.3
Linux Kernel=6.8-rc1
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.119-1
6.12.11-1
6.12.12-1

Remedy

https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be

Remedy

https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22

Remedy

https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d

Remedy

https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a

Remedy

https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a

Remedy

https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6

Remedy

https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9

Remedy

https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c

Remedy

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Remedy

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-26615?

    CVE-2024-26615 is considered a high severity vulnerability due to the potential for system crashes when dumping SMC-D connections.

  • How do I fix CVE-2024-26615?

    To fix CVE-2024-26615, update your Linux kernel to versions 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.76, 6.6.15, or 6.8.

  • Which Linux kernel versions are affected by CVE-2024-26615?

    CVE-2024-26615 affects multiple Linux kernel versions, including those before 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.76, and 6.6.15.

  • What component of the Linux kernel is impacted by CVE-2024-26615?

    CVE-2024-26615 impacts the net/smc component related to SMC-D connection dumping.

  • Can CVE-2024-26615 lead to denial of service?

    Yes, CVE-2024-26615 can result in a denial of service condition due to crashes caused during SMC-D connection dumps.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203