
CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

Both the function that migrates all the chunks within a region and the
function that migrates all the entries within a chunk call
list_first_entry() on the respective lists without checking that the
lists are not empty. This is incorrect usage of the API, which leads to
the following warning [1].

Fix by returning if the lists are empty as there is nothing to migrate
in this case.

[1]
WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0>
Modules linked in:
CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0
[...]
Call Trace:
 <TASK>
 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0
 process_one_work+0x151/0x370
 worker_thread+0x2cb/0x3e0
 kthread+0xd0/0x100
 ret_from_fork+0x34/0x50
 ret_from_fork_asm+0x1a/0x30
 </TASK>

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected
Version < 0b2c13b670b168e324e1cf109e67056a20fd610a; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < 09846c2309b150b8ce4e0ce96f058197598fc530; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < 64435b64e43d8ee60faa46c0cd04e323e8b2a7b0; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < 4526a56e02da3725db979358964df9cd9c567154; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < ab4ecfb627338e440ae11def004c524a00d93e40; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < af8b593c3dd9df82cb199be65863af004b09fd97; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected
Version < b377add0f0117409c418ddd6504bd682ebe0bf79; Version 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf; Status: affected

Vendor: Linux
Product: Linux
Default status: affected
Version 5.1; Status: affected
Version < 5.1; Version 0; Status: unaffected
Version <= 5.4.*; Version 5.4.275; Status: unaffected
Version <= 5.10.*; Version 5.10.216; Status: unaffected
Version <= 5.15.*; Version 5.15.158; Status: unaffected
Version <= 6.1.*; Version 6.1.90; Status: unaffected
Version <= 6.6.*; Version 6.6.30; Status: unaffected
Version <= 6.8.*; Version 6.8.9; Status: unaffected
Version <= *; Version 6.9; Status: unaffected
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.121

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String