CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree
First published: Mon May 20 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent step during the same handle creation references it again, resulting in a rule with a refcount of 2 that is not linked into the tree, will have a NULL parent and root and will result in a crash when the flow group is deleted because del_sw_hw_rule, invoked on rule deletion, assumes node->parent is != NULL. This happened in the wild, due to another bug related to incorrect handling of duplicate pkt_reformat ids, which lead to the code in create_flow_handle incorrectly referencing a just-added rule in the same flow handle, resulting in the problem described above. Full details are at [1]. This patch changes add_rule_fg to add new rules without parents into the tree, properly initializing them and avoiding the crash. This makes it more consistent with how rules are added to an FTE in create_flow_handle.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.313 | 4.19.313 |
| redhat/kernel | <5.4.275 | 5.4.275 |
| redhat/kernel | <5.10.216 | 5.10.216 |
| redhat/kernel | <5.15.156 | 5.15.156 |
| redhat/kernel | <6.1.87 | 6.1.87 |
| redhat/kernel | <6.6.28 | 6.6.28 |
| redhat/kernel | <6.8.7 | 6.8.7 |
| redhat/kernel | <6.9 | 6.9 |
| Linux Kernel | >=4.10<4.19.313 | |
| Linux Kernel | >=4.20<5.4.275 | |
| Linux Kernel | >=5.5<5.10.216 | |
| Linux Kernel | >=5.11<5.15.156 | |
| Linux Kernel | >=5.16<6.1.87 | |
| Linux Kernel | >=6.2<6.6.28 | |
| Linux Kernel | >=6.7<6.8.7 | |
| Linux Kernel | =6.9-rc1 | |
| Linux Kernel | =6.9-rc2 | |
| Linux Kernel | =6.9-rc3 | |
| Debian Linux | =10.0 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
- https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
- https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
- https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
- https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
- https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
- https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
- https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
- https://launchpad.net/bugs/cve/CVE-2024-35960
- https://access.redhat.com/security/cve/CVE-2024-35960
- https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35960-2eaa@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281921
- https://access.redhat.com/errata/RHSA-2024:4106
- https://access.redhat.com/errata/RHSA-2024:4108
- https://access.redhat.com/errata/RHSA-2024:4211
- https://access.redhat.com/errata/RHSA-2024:4352
- https://access.redhat.com/errata/RHSA-2024:4349
- https://access.redhat.com/errata/RHSA-2024:4740
- https://access.redhat.com/errata/RHSA-2024:4902
- https://bugzilla.redhat.com/show_bug.cgi?id=2281920
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960
- https://nvd.nist.gov/vuln/detail/CVE-2024-35960
- https://security-tracker.debian.org/tracker/CVE-2024-35960
- https://ubuntu.com/security/CVE-2024-35960
- https://git.kernel.org/linus/7c6782ad4911cbee874e85630226ed389ff2e453
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-35960?
CVE-2024-35960 has a severity rating that indicates it poses potential security risks to systems using affected versions of the Linux kernel.
How do I fix CVE-2024-35960?
To mitigate CVE-2024-35960, update your Linux kernel to a version that includes the fix, such as 4.19.313, 5.4.275, 5.10.216, 5.15.156, 6.1.87, or later versions.
Which Linux kernel versions are affected by CVE-2024-35960?
CVE-2024-35960 affects multiple Linux kernel versions, specifically those prior to 4.19.313, 5.4.275, 5.10.216, 5.15.156, 6.1.87, and others listed in remediation.
Is there a known exploit for CVE-2024-35960?
As of now, there is no publicly disclosed exploitation of CVE-2024-35960, but it is recommended to apply patches as a precaution.
What systems are most at risk from CVE-2024-35960?
Systems running unpatched versions of the Linux kernel that utilize the affected features are at risk from CVE-2024-35960.
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35960
- agent/software-canonical-lookup
- agent/trending
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- source/NVD
- agent/remedy
- collector/nvd-api
- agent/last-modified-date
- agent/references
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9-rc1
- version/linux kernel/6.9-rc2
- version/linux kernel/6.9-rc3
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2
- package-manager/debian