-

CVE-2024-36006

EPSS 0.04%
Published 20.05.2024 10:15:14
Last modified 21.11.2024 09:21:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

Both the function that migrates all the chunks within a region and the
function that migrates all the entries within a chunk call
list_first_entry() on the respective lists without checking that the
lists are not empty. This is incorrect usage of the API, which leads to
the following warning [1].

Fix by returning if the lists are empty as there is nothing to migrate
in this case.

[1]
WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0>
Modules linked in:
CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0
[...]
Call Trace:
 <TASK>
 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0
 process_one_work+0x151/0x370
 worker_thread+0x2cb/0x3e0
 kthread+0xd0/0x100
 ret_from_fork+0x34/0x50
 ret_from_fork_asm+0x1a/0x30
 </TASK>

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 0b2c13b670b168e324e1cf109e67056a20fd610a

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < 09846c2309b150b8ce4e0ce96f058197598fc530

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < 64435b64e43d8ee60faa46c0cd04e323e8b2a7b0

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < 4526a56e02da3725db979358964df9cd9c567154

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < ab4ecfb627338e440ae11def004c524a00d93e40

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < af8b593c3dd9df82cb199be65863af004b09fd97

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

Version < b377add0f0117409c418ddd6504bd682ebe0bf79

Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.1

Status affected

Version < 5.1

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.275

Status unaffected

Version <= 5.10.*

Version 5.10.216

Status unaffected

Version <= 5.15.*

Version 5.15.158

Status unaffected

Version <= 6.1.*

Version 6.1.90

Status unaffected

Version <= 6.6.*

Version 6.6.30

Status unaffected

Version <= 6.8.*

Version 6.8.9

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530

https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a

https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154

https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0

https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40

https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97

https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79

https://nvd.nist.gov/vuln/detail/CVE-2024-36006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36006

EUVD