CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
First published: Fri Jun 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer dereference. A leak in the rules also previously occurred since there are now two rules populated related to status. BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 109907067 P4D 109907067 PUD 116890067 PMD 0 Oops: 0000 [#1] SMP CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70 <snip> Call Trace: <TASK> ? show_regs+0x60/0x70 ? __die+0x24/0x70 ? page_fault_oops+0x15f/0x430 ? free_to_partial_list.constprop.0+0x79/0x150 ? do_user_addr_fault+0x2c9/0x5c0 ? exc_page_fault+0x63/0x110 ? asm_exc_page_fault+0x27/0x30 ? mlx5_modify_header_dealloc+0xd/0x70 rx_create+0x374/0x590 rx_add_rule+0x3ad/0x500 ? rx_add_rule+0x3ad/0x500 ? mlx5_cmd_exec+0x2c/0x40 ? mlx5_create_ipsec_obj+0xd6/0x200 mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0 mlx5e_xfrm_add_state+0x426/0xc00 <snip>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=6.6.8<6.6.33 | |
| Linux Linux kernel | >=6.7<6.9.4 | |
| Linux Linux kernel | =6.10-rc2 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38
- https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212
- https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c
- https://launchpad.net/bugs/cve/CVE-2024-36281
- https://git.kernel.org/linus/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38
- https://security-tracker.debian.org/tracker/CVE-2024-36281
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36281
- https://nvd.nist.gov/vuln/detail/CVE-2024-36281
- https://ubuntu.com/security/CVE-2024-36281
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.6.8
- version/linux linux kernel/6.7
- version/linux linux kernel/6.10-rc2
- package-manager/debian