medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-50147: net/mlx5: Fix command bitmask initialization

First published: Thu Nov 07 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command as well. Hence, in case health error occurred before any MANAGE_PAGES command have been invoke (for example, during mlx5_enable_hca()), mlx5_cmd_trigger_completions() will try to trigger completion for MANAGE_PAGES command, which will result in null-ptr-deref error.[1] Fix it by Initialize command bitmask correctly. While at it, re-write the code for better understanding. [1] BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078 CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core] Call Trace: <TASK> dump_stack_lvl+0x7e/0xc0 kasan_report+0xb9/0xf0 kasan_check_range+0xec/0x190 mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core] mlx5_cmd_flush+0x94/0x240 [mlx5_core] enter_error_state+0x6c/0xd0 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core] process_one_work+0x787/0x1490 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? pwq_dec_nr_in_flight+0xda0/0xda0 ? assign_work+0x168/0x240 worker_thread+0x586/0xd30 ? rescuer_thread+0xae0/0xae0 kthread+0x2df/0x3b0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x2d/0x70 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=6.1<6.1.115
Linux Kernel>=6.2<6.6.59
Linux Kernel>=6.7<6.11.6
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3

Remedy

https://git.kernel.org/stable/c/2feac1e562be0efc621a6722644a90f355d53473

Remedy

https://git.kernel.org/stable/c/d1606090bb294cecb7de3c4ed177f5aa0abd4c4e

Remedy

https://git.kernel.org/stable/c/d62b14045c6511a7b2d4948d1a83a4e592deeb05

Remedy

https://git.kernel.org/stable/c/d88564c79d1cedaf2655f12261eca0d2796bde4e

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50147?

    The severity of CVE-2024-50147 has not been explicitly rated but involves a technical flaw in the Linux kernel's command bitmask initialization.

  • How does CVE-2024-50147 affect Linux kernel users?

    CVE-2024-50147 affects certain versions of the Linux kernel by potentially leading to mismanagement of command bits.

  • How do I fix CVE-2024-50147?

    To fix CVE-2024-50147, users should upgrade their Linux kernel to a patched version that addresses the command bitmask initialization issue.

  • Which versions of the Linux kernel are affected by CVE-2024-50147?

    CVE-2024-50147 affects Linux kernel versions between 6.1 and 6.12-rc3, including several specific release candidates.

  • Is CVE-2024-50147 exploitable?

    While the specifics of exploitation are not detailed, vulnerabilities in command bitmask initialization can have security implications.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203