fkie_cve-2024-43864
Vulnerability from fkie_nvd
Published
2024-08-21 00:15
Modified
2024-08-21 12:30
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support, modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify header point is copied to old attr. When the old attr is freed, the old modify header is lost. Fix it by restoring the old attr to attr when failed to allocate a new modify header context. So when the CT entry is freed, the right modify header context will be freed. And the panic of accessing error pointer is also fixed.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige las fugas de actualización de la entrada CT del contexto del encabezado de modificación. El commit citada asigna un nuevo encabezado de modificación para reemplazar el anterior al actualizar la entrada CT. Pero si no se pudo asignar uno nuevo, por ejemplo. Si excede el número máximo que el firmware puede admitir, modificar el encabezado será un indicador de error que provocará pánico al desasignarlo. Y el punto de encabezado de modificación anterior se copia al atributo anterior. Cuando se libera el antiguo atributo, el antiguo encabezado de modificación se pierde. Solucionelo restaurando el antiguo atributo a attr cuando no se pudo asignar un nuevo contexto de encabezado de modificación. Entonces, cuando se libera la entrada CT, se liberará el contexto del encabezado de modificación derecho. Y el pánico al acceder al puntero de error también se soluciona.",
      },
   ],
   id: "CVE-2024-43864",
   lastModified: "2024-08-21T12:30:33.697",
   metrics: {},
   published: "2024-08-21T00:15:04.910",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Awaiting Analysis",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.