CVE-2024-36021 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by taking devl_lock during initialization.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86
https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3
https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5
https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a
https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36021-f196@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-36021
https://www.cve.org/CVERecord?id=CVE-2024-36021

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T14:59:45.757Z

Updated: 2024-12-19T09:00:40.877Z

Reserved: 2024-05-17T13:50:33.157Z

Link: CVE-2024-36021

Vulnrichment

Updated: 2024-08-02T03:30:13.010Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T15:15:49.193

Modified: 2024-11-21T09:21:27.280

Link: CVE-2024-36021

Redhat

Severity : Moderate

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36021 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36021", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.157Z", "datePublished": "2024-05-30T14:59:45.757Z", "dateUpdated": "2024-12-19T09:00:40.877Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:00:40.877Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "versions": [{"version": "b741269b275953786832805df329851299ab4de7", "lessThan": "50b69054f455dcdb34bd6b22764c7579b270eef3", "status": "affected", "versionType": "git"}, {"version": "b741269b275953786832805df329851299ab4de7", "lessThan": "1b550dae55901c2cc9075d6a7155a71b4f516e86", "status": "affected", "versionType": "git"}, {"version": "b741269b275953786832805df329851299ab4de7", "lessThan": "7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5", "status": "affected", "versionType": "git"}, {"version": "b741269b275953786832805df329851299ab4de7", "lessThan": "93305b77ffcb042f1538ecc383505e87d95aa05a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"}, {"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"}, {"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"}, {"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"}], "title": "net: hns3: fix kernel crash when devlink reload during pf initialization", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T20:30:24.920798Z", "id": "CVE-2024-36021", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:30:52.255Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:13.010Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:13.010Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-13T20:30:24.920798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:30:48.156Z"}}], "cna": {"title": "net: hns3: fix kernel crash when devlink reload during pf initialization", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b741269b2759", "lessThan": "50b69054f455", "versionType": "git"}, {"status": "affected", "version": "b741269b2759", "lessThan": "1b550dae5590", "versionType": "git"}, {"status": "affected", "version": "b741269b2759", "lessThan": "7ca0f73e5e2d", "versionType": "git"}, {"status": "affected", "version": "b741269b2759", "lessThan": "93305b77ffcb", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.85", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"}, {"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"}, {"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"}, {"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T14:59:45.757Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36021", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:30:13.010Z", "dateReserved": "2024-05-17T13:50:33.157Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T14:59:45.757Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: soluciona el fallo del kernel cuando devlink se recarga durante la inicializaci\u00f3n de pf. El proceso de recarga de devlink acceder\u00e1 a los recursos de hardware, pero la operaci\u00f3n de registro se realiza antes de que se inicialice el hardware. Por lo tanto, procesar la recarga de devlink durante la inicializaci\u00f3n puede provocar una falla del kernel. Este parche soluciona este problema tomando devl_lock durante la inicializaci\u00f3n."}], "id": "CVE-2024-36021", "lastModified": "2024-11-21T09:21:27.280", "metrics": {}, "published": "2024-05-30T15:15:49.193", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}