CVE-2024-46857

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix bridge mode operations when there are no VFs

Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash:

bridge link set dev eth2 hwmode vepa

[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 […] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] […] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917

(esw->fdb_table.legacy.vepa_fdb is null)

The bridge mode is only relevant when there are multiple functions per port. Therefore, prevent setting and getting this setting when there are no VFs.

Note that after this change, there are no settings to change on the PF interface using bridge link when there are no VFs, so the interface no longer appears in the bridge link output.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4b89251de024fb85329e4cbd8fbea551ae6c665c < 52c4beb79e095e0631b5cac46ed48a2aefe51985affected
LinuxLinux4b89251de024fb85329e4cbd8fbea551ae6c665c < 65feee671e37f3b6eda0b6af28f204b5bcf7fa50affected
LinuxLinux4b89251de024fb85329e4cbd8fbea551ae6c665c < 505ae01f75f839b54329164bbfecf24cc1361b31affected
LinuxLinux4b89251de024fb85329e4cbd8fbea551ae6c665c < b1d305abef4640af1b4f1b4774d513cd81b10cfcaffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux6.1.111 <= 6.1.*unaffected
LinuxLinux6.6.52 <= 6.6.*unaffected
LinuxLinux6.10.11 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References