CVE-2024-26595
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1].
Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().
[1] BUG: kernel NULL pointer dereference, address: 0000000000000000 […] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 […] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 22a677661f5624539d394f681276171f92d714df < 75fa2d8b3c0175b519c99ace54ab8474cfd0077e | affected |
| Linux | Linux | 22a677661f5624539d394f681276171f92d714df < 817840d125a370626895df269c50c923b79b0a39 | affected |
| Linux | Linux | 22a677661f5624539d394f681276171f92d714df < d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f | affected |
| Linux | Linux | 22a677661f5624539d394f681276171f92d714df < efeb7dfea8ee10cdec11b6b6ba4e405edbe75809 | affected |
| Linux | Linux | 4.11 | affected |
| Linux | Linux | 0 < 4.11 | unaffected |
| Linux | Linux | 6.1.120 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.14 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.2 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39
- https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f
- https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
References
- https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e
- https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39
- https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f
- https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.