CVE-2024-46857
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix bridge mode operations when there are no VFs
Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash:
bridge link set dev eth2 hwmode vepa
[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 […] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] […] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917
(esw->fdb_table.legacy.vepa_fdb is null)
The bridge mode is only relevant when there are multiple functions per port. Therefore, prevent setting and getting this setting when there are no VFs.
Note that after this change, there are no settings to change on the PF
interface using bridge link when there are no VFs, so the interface no
longer appears in the bridge link output.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4b89251de024fb85329e4cbd8fbea551ae6c665c < 52c4beb79e095e0631b5cac46ed48a2aefe51985 | affected |
| Linux | Linux | 4b89251de024fb85329e4cbd8fbea551ae6c665c < 65feee671e37f3b6eda0b6af28f204b5bcf7fa50 | affected |
| Linux | Linux | 4b89251de024fb85329e4cbd8fbea551ae6c665c < 505ae01f75f839b54329164bbfecf24cc1361b31 | affected |
| Linux | Linux | 4b89251de024fb85329e4cbd8fbea551ae6c665c < b1d305abef4640af1b4f1b4774d513cd81b10cfc | affected |
| Linux | Linux | 5.1 | affected |
| Linux | Linux | 0 < 5.1 | unaffected |
| Linux | Linux | 6.1.111 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.52 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.11 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985
- https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50
- https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31
- https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.