CVE-2024-46834

In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can't fetch the indirection table or when we can't allocate memory. Both of those conditions should be extremely rare but if they do happen we should try to be safe and fail the channel change.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036	Patch
https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-09-27 13:15

Updated : 2024-10-09 15:57

NVD link : CVE-2024-46834

Mitre link : CVE-2024-46834

CVE.ORG link : CVE-2024-46834

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-46834", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-27T13:15:15.660", "references": [{"url": "https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can't get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can't fetch\nthe indirection table or when we can't allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethtool: error cerrado si no podemos obtener el canal m\u00e1ximo usado en las tablas de indirecci\u00f3n. El commit 0d1b7d6c9274 (\"bnxt: corregir fallos al reducir el recuento de anillos con contextos RSS activos\") demuestra que permitir que la tabla de indirecci\u00f3n contenga canales con identificadores fuera de los l\u00edmites puede provocar fallos. Actualmente, la comprobaci\u00f3n del canal m\u00e1ximo en el n\u00facleo se omite si el controlador no puede obtener la tabla de indirecci\u00f3n o cuando no podemos asignar memoria. Ambas condiciones deber\u00edan ser extremadamente raras, pero si ocurren, debemos intentar ser seguros y fallar el cambio de canal."}], "lastModified": "2024-10-09T15:57:03.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75C6119D-9E8D-431D-813F-FE84579072CB", "versionEndExcluding": "6.10.10"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}