CVE-2024-42268

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42268
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 … CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116 Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015 Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: 0010:devl_assert_locked+0x3e/0x50 … Call Trace: <TASK> ? __warn+0xa4/0x210 ? devl_assert_locked+0x3e/0x50 ? report_bug+0x160/0x280 ? handle_bug+0x3f/0x80 ? exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0 ? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10 ? process_one_work+0x4b6/0xbb0 process_one_work+0x4b6/0xbb0 […]

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5 Patch
https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 Patch
https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002 Patch
https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
History

19 Aug 2024, 20:52

Type Values Removed Values Added
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-667
References () https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5 - () https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5 - Patch
References () https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 - () https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 - Patch
References () https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002 - () https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002 - Patch
References () https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e - () https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e - Patch

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/mlx5: se corrigió el bloqueo faltante en la recarga de reinicio de sincronización. En el trabajo de recarga de reinicio de sincronización, cuando el host remoto actualiza devlink en las acciones de recarga realizadas en ese host, no toma el bloqueo de devlink antes de llamar a devlink_remote_reload_actions_performed. () lo que da como resultado la activación de un bloqueo como el siguiente: ADVERTENCIA: CPU: 4 PID: 1164 en net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 … CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted : GSW 6.10.0-rc2+ #116 Nombre del hardware: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 18/12/2015 Cola de trabajo: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: devl_assert_locked+0x3e/0x50 … Seguimiento de llamadas: ? __advertir+0xa4/0x210 ? devl_assert_locked+0x3e/0x50? report_bug+0x160/0x280? handle_bug+0x3f/0x80? exc_invalid_op+0x17/0x40? asm_exc_invalid_op+0x1a/0x20? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10? proceso_one_work+0x4b6/0xbb0 proceso_one_work+0x4b6/0xbb0 […]

17 Aug 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-17 09:15

Updated : 2024-08-19 20:52

NVD link : CVE-2024-42268

Mitre link : CVE-2024-42268

CVE.ORG link : CVE-2024-42268

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-667

Improper Locking


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024