{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39506", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.752Z", "datePublished": "2024-07-12T12:20:38.298Z", "dateUpdated": "2024-11-05T09:32:37.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:32:37.717Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"], "versions": [{"version": "1f233f327913", "lessThan": "87d6bdc006f0", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "dcc7440f32c7", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "cbf18d8128a7", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "a86490a3712c", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "f1ab15a09492", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "fd2b613bc4c5", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "a6f4d0ec170a", "status": "affected", "versionType": "git"}, {"version": "1f233f327913", "lessThan": "c44711b78608", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"}, {"url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"}, {"url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"}, {"url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"}, {"url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"}, {"url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"}, {"url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"}, {"url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"}], "title": "liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.306Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39506", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:54.651829Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:47.871Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.306Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39506", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:54.651829Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.473Z"}}], "cna": {"title": "liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1f233f327913", "lessThan": "87d6bdc006f0", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "dcc7440f32c7", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "cbf18d8128a7", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "a86490a3712c", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "f1ab15a09492", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "fd2b613bc4c5", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "a6f4d0ec170a", "versionType": "git"}, {"status": "affected", "version": "1f233f327913", "lessThan": "c44711b78608", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.15"}, {"status": "unaffected", "version": "0", "lessThan": "4.15", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.317", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"}, {"url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"}, {"url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"}, {"url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"}, {"url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"}, {"url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"}, {"url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"}, {"url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:50:58.422Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39506", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:32:47.871Z", "dateReserved": "2024-06-25T14:23:23.752Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:20:38.298Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA0C2003-8954-406C-83EB-454FDEC08184", "versionEndExcluding": "4.19.317", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8", "versionEndExcluding": "5.4.279", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t ->disp_fn(rdisp->rinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: liquidio: ajusta una ruta de manejo de puntero NULL en lio_vf_rep_copy_packet En lio_vf_rep_copy_packet() pg_info->page se compara con un valor NULL, pero luego se pasa incondicionalmente a skb_add_rx_frag() lo cual parece extra\u00f1o y podr\u00eda provocar una desreferencia del puntero nulo. El seguimiento de llamadas de lio_vf_rep_copy_packet() se ve as\u00ed: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...buscar en la lista de despacho... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *rec v_info, ...) En este camino hay No hay ning\u00fan c\u00f3digo que establezca pg_info->page en NULL. Por lo tanto, esta verificaci\u00f3n parece innecesaria y no resuelve el problema potencial. Pero supongo que el autor ten\u00eda motivos para agregar un cheque y yo no tengo esa tarjeta y no puedo hacer una prueba real. Adem\u00e1s, el c\u00f3digo de la funci\u00f3n liquidio_push_packet() en liquidio/lio_core.c hace exactamente lo mismo. En base a esto, considero la soluci\u00f3n de compromiso m\u00e1s aceptable para ajustar este problema moviendo skb_add_rx_frag() al alcance condicional. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-39506", "lastModified": "2024-11-21T09:27:51.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:12.957", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet", "id": "2297478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297478"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\nlio_vf_rep_copy_packet() call trace looks like:\nocteon_droq_process_packets\nocteon_droq_fast_process_packets\nocteon_droq_dispatch_pkt\nocteon_create_recv_info\n...search in the dispatch_list...\n->disp_fn(rdisp->rinfo, ...)\nlio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-39506", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39506\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39506\nhttps://lore.kernel.org/linux-cve-announce/2024071205-CVE-2024-39506-b0cc@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}