CVE-2024-50001

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can't allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq's FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state. The erroneous behavior was seen in a stress-test environment that created memory pressure.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754	Patch
https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32	Patch
https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5	Patch
https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625	Patch
https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5	Patch
https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72	Patch
https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::

History

No history.

Information

Published : 2024-10-21 18:15

Updated : 2024-10-30 21:59

NVD link : CVE-2024-50001

Mitre link : CVE-2024-50001

CVE.ORG link : CVE-2024-50001

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2024-50001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T18:15:20.130", "references": [{"url": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Corregir ruta de error en transmisi\u00f3n WQE de paquetes m\u00faltiples Eliminar la desasignaci\u00f3n err\u00f3nea en caso de que no se haya establecido una asignaci\u00f3n DMA El c\u00f3digo de transmisi\u00f3n WQE de paquetes m\u00faltiples intenta obtener una asignaci\u00f3n DMA para el skb. Esto podr\u00eda fallar, por ejemplo, bajo presi\u00f3n de memoria, cuando el controlador IOMMU simplemente no puede asignar m\u00e1s memoria para las tablas de p\u00e1ginas. Si bien el c\u00f3digo intenta manejar esto en la ruta debajo de la etiqueta err_unmap, desasigna err\u00f3neamente una entrada de la lista FIFO de asignaciones activas del sq. Dado que el intento de asignaci\u00f3n actual fall\u00f3, esta desasignaci\u00f3n est\u00e1 eliminando alguna asignaci\u00f3n DMA aleatoria que a\u00fan podr\u00eda ser necesaria. Si la funci\u00f3n PCI ahora presenta ese IOVA, el IOMMU puede asumir un acceso DMA no autorizado y, por ejemplo, en s390 pone la funci\u00f3n PCI en estado de error. El comportamiento err\u00f3neo se observ\u00f3 en un entorno de prueba de estr\u00e9s que cre\u00f3 presi\u00f3n de memoria."}], "lastModified": "2024-10-30T21:59:44.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "658E9248-9CAC-4A1E-A483-039DF6CCAF8C", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}