CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload
First published: Sat Aug 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 … CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116 Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015 Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: 0010:devl_assert_locked+0x3e/0x50 … Call Trace: <TASK> ? __warn+0xa4/0x210 ? devl_assert_locked+0x3e/0x50 ? report_bug+0x160/0x280 ? handle_bug+0x3f/0x80 ? exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0 ? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10 ? process_one_work+0x4b6/0xbb0 process_one_work+0x4b6/0xbb0 […]
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.0<6.1.104 | |
| Linux Kernel | >=6.2<6.6.45 | |
| Linux Kernel | >=6.7<6.10.4 | |
| Linux Kernel | =6.11-rc1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 | |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5
- https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9
- https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002
- https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42268
- https://nvd.nist.gov/vuln/detail/CVE-2024-42268
- https://launchpad.net/bugs/cve/CVE-2024-42268
- https://security-tracker.debian.org/tracker/CVE-2024-42268
- https://ubuntu.com/security/CVE-2024-42268
- https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9
Frequently Asked Questions
What is the severity of CVE-2024-42268?
CVE-2024-42268 is classified as a vulnerability in the Linux kernel that involves a missing lock during sync reset reload.
How do I fix CVE-2024-42268?
To fix CVE-2024-42268, update your Linux kernel to a patched version that resolves the missing lock issue.
Which versions of the Linux kernel are affected by CVE-2024-42268?
CVE-2024-42268 affects Linux kernel versions between 6.0 and 6.1.104, and versions from 6.2 to 6.6.45, 6.7 to 6.10.4, and specific release candidates like 6.11-rc1.
Is there a specific patched version for CVE-2024-42268?
Yes, patched versions of the Linux kernel include 5.10.223-1, 6.1.119-1, and later specific releases.
What type of issue does CVE-2024-42268 represent in the Linux kernel?
CVE-2024-42268 represents a concurrent access issue caused by a missing lock, which could potentially lead to inconsistent state during operations.
- agent/title
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.0
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11-rc1
- package-manager/debian