CVE-2024-44970

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without unlinking the WQE again.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

03 Oct 2024, 14:22

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9 - () https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9 - Patch
References () https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76 - () https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76 - Patch
References () https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78 - () https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78 - Patch
References () https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30 - () https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30 - Patch
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: SHAMPO, soluciona la desvinculación de la lista enlazada de WQ no válida Cuando se han consumido todos los pasos en un WQE, el WQE se desvincula de la lista enlazada de WQ (mlx5_wq_ll_pop()). Para SHAMPO, es posible recibir CQE con 0 pasos consumidos para el mismo WQE incluso después de que el WQE se haya consumido por completo y se haya desvinculado. Esto desencadena una desvinculación adicional para el mismo wqe que corrompe la lista enlazada. Solucione este escenario aceptando pasos consumidos de tamaño 0 sin desvincular el WQE nuevamente.

04 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 19:15

Updated : 2024-10-03 14:22


NVD link : CVE-2024-44970

Mitre link : CVE-2024-44970

CVE.ORG link : CVE-2024-44970


JSON object : View

Products Affected

linux

  • linux_kernel