CVE-2024-50297: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Enqueue packets in dql after dma engine starts causes race condition. Tx transfer starts once dma engine is started and may execute dql dequeue in completion before it gets queued. It results in following kernel crash while running iperf stress test: kernel BUG at lib/dynamic_queue_limits.c:99! <snip> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP pc : dql_completed+0x238/0x248 lr : dql_completed+0x3c/0x248 Call trace: dql_completed+0x238/0x248 axienet_dma_tx_cb+0xa0/0x170 xilinx_dma_do_tasklet+0xdc/0x290 tasklet_action_common+0xf8/0x11c tasklet_action+0x30/0x3c handle_softirqs+0xf8/0x230 <snip> Start dmaengine after enqueue in dql fixes the crash.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.8<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/def3dee25cbd1c9b2ed443c3f6180e952563de77
- https://git.kernel.org/stable/c/5ccdcdf186aec6b9111845fd37e1757e9b413e2f
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50297
- https://nvd.nist.gov/vuln/detail/CVE-2024-50297
- https://launchpad.net/bugs/cve/CVE-2024-50297
- https://security-tracker.debian.org/tracker/CVE-2024-50297
- https://ubuntu.com/security/CVE-2024-50297
- https://git.kernel.org/linus/5ccdcdf186aec6b9111845fd37e1757e9b413e2f
Frequently Asked Questions
What is the severity of CVE-2024-50297?
CVE-2024-50297 has been classified with a severity that indicates a potential race condition in the Linux kernel's handling of Tx packets.
How do I fix CVE-2024-50297?
To remediate CVE-2024-50297, update to a patched version of the Linux kernel, such as those released after 6.12.15-1.
Which versions of the Linux kernel are affected by CVE-2024-50297?
CVE-2024-50297 affects Linux kernel versions from 6.8 to 6.11.8, as well as specific 6.12 release candidates.
What are the potential impacts of CVE-2024-50297?
The vulnerability can lead to unexpected behavior and potential security breaches due to a race condition during packet transfer.
Is CVE-2024-50297 specific to any Linux distribution?
CVE-2024-50297 affects the Linux kernel and is not limited to any specific distribution, though it requires patching to the kernel version.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.8
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian