CVE-2024-50001
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix error path in multi-packet WQE transmit
Remove the erroneous unmap in case no DMA mapping was established
The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can't allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq's FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.
The erroneous behavior was seen in a stress-test environment that created memory pressure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < ca36d6c1a49b6965c86dd528a73f38bc62d9c625 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < ce828b347cf1b3c1b12b091d02463c35ce5097f5 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < fc357e78176945ca7bcacf92ab794b9ccd41b4f4 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < 26fad69b34fcba80d5c7d9e651f628e6ac927754 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < ecf310aaf256acbc8182189fe0aa1021c3ddef72 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < 8bb8c12fb5e2b1f03d603d493c92941676f109b5 | affected |
| Linux | Linux | 5af75c747e2a868abbf8611494b50ed5e076fca7 < 2bcae12c795f32ddfbf8c80d1b5f1d3286341c32 | affected |
| Linux | Linux | 5.10 | affected |
| Linux | Linux | 0 < 5.10 | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
References
- https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625
- https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5
- https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4
- https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754
- https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72
- https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5
- https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.