CVE-2024-41047 - OpenCVE

Link	Providers
https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc
https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3
https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff
https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e
https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740
https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41047-f253@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-41047
https://www.cve.org/CVERecord?id=CVE-2024-41047

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Weaknesses		CWE-372
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41047", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.625Z", "datePublished": "2024-07-29T14:32:04.402Z", "dateUpdated": "2024-11-05T09:35:38.083Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:38.083Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] <TASK>\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] </TASK>\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_main.c"], "versions": [{"version": "b82364abc54b", "lessThan": "b399a68054df", "status": "affected", "versionType": "git"}, {"version": "6533e558c650", "lessThan": "4bc336b2345f", "status": "affected", "versionType": "git"}, {"version": "6533e558c650", "lessThan": "5266302cb2c7", "status": "affected", "versionType": "git"}, {"version": "6533e558c650", "lessThan": "0075b8c94d76", "status": "affected", "versionType": "git"}, {"version": "6533e558c650", "lessThan": "01fc5142ae6b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_main.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740"}, {"url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff"}, {"url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e"}, {"url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc"}, {"url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3"}], "title": "i40e: Fix XDP program unloading while removing the driver", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.353Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:54.054477Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:02.173Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.353Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:54.054477Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.291Z"}}], "cna": {"title": "i40e: Fix XDP program unloading while removing the driver", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b82364abc54b", "lessThan": "b399a68054df", "versionType": "git"}, {"status": "affected", "version": "6533e558c650", "lessThan": "4bc336b2345f", "versionType": "git"}, {"status": "affected", "version": "6533e558c650", "lessThan": "5266302cb2c7", "versionType": "git"}, {"status": "affected", "version": "6533e558c650", "lessThan": "0075b8c94d76", "versionType": "git"}, {"status": "affected", "version": "6533e558c650", "lessThan": "01fc5142ae6b", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"status": "unaffected", "version": "0", "lessThan": "5.17", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.163", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740"}, {"url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff"}, {"url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e"}, {"url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc"}, {"url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] <TASK>\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] </TASK>\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:32:04.402Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41047", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:02.173Z", "dateReserved": "2024-07-12T12:17:45.625Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:32:04.402Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix XDP program unloading while removing the driver\n\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\n\nExample failing scenario:\n 1. Load the i40e driver.\n 2. Load the XDP program.\n 3. Unload the i40e driver (using \"rmmod\" command).\n\nThe example kernel warning log:\n\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] <TASK>\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] </TASK>\n[ +0.002204] ---[ end trace 0000000000000000 ]---\n\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: corrige la descarga del programa XDP mientras se elimina el controlador La confirmaci\u00f3n 6533e558c650 (\"i40e: corrige la ruta de reinicio mientras se elimina el controlador\") introdujo un nuevo estado de PF \"__I40E_IN_REMOVE\" para bloquear la modificaci\u00f3n del programa XDP mientras se elimina el controlador. Desafortunadamente, tal cambio es \u00fatil s\u00f3lo si la devoluci\u00f3n de llamada \".ndo_bpf()\" fue llamada fuera del contexto rmmod porque descargar el programa XDP existente tambi\u00e9n es parte del procedimiento de eliminaci\u00f3n del controlador. En otras palabras, desde el contexto rmmod se espera que el controlador descargue el programa XDP sin informar ning\u00fan error. De lo contrario, la advertencia del kernel con la pila de llamadas se imprime en dmesg. Ejemplo de escenario de error: 1. Cargue el controlador i40e. 2. Cargue el programa XDP. 3. Descargue el controlador i40e (usando el comando \"rmmod\"). El registro de advertencia del kernel de ejemplo: [ +0.004646] ADVERTENCIA: CPU: 94 PID: 10395 en net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870 [...] [ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/ 0x870 [...] [ +0.002726] Seguimiento de llamadas: [ +0.002457] [ +0.002119] ? __advertir+0x80/0x120 [ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870 [+0.005586]? report_bug+0x164/0x190 [+0.003678] ? handle_bug+0x3c/0x80 [+0.003503]? exc_invalid_op+0x17/0x70 [+0.003846]? asm_exc_invalid_op+0x1a/0x20 [+0.004200]? unregister_netdevice_many_notify+0x7a9/0x870 [+0.005579]? unregister_netdevice_many_notify+0x3cc/0x870 [ +0.005586] unregister_netdevice_queue+0xf7/0x140 [ +0.004806] unregister_netdev+0x1c/0x30 [ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e] [ + 0.004604] i40e_remove+0x1a1/0x420 [i40e] [ +0.004220 ] pci_device_remove+0x3f/0xb0 [ +0.003943] device_release_driver_internal+0x19f/0x200 [ +0.005243] driver_detach+0x48/0x90 [ +0.003586] bus_remove_driver+0x6d/0xf0 [ +0.003939] ister_driver+0x2e/0xb0 [ +0.004278] i40e_exit_module+0x10/ 0x5f0 [i40e] [ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310 [ +0.005153] do_syscall_64+0x85/0x170 [ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220 [+0.004886]? do_syscall_64+0x95/0x170 [ +0.003851] ? exc_page_fault+0x7e/0x180 [ +0.003932] Entry_SYSCALL_64_after_hwframe+0x71/0x79 [ +0.005064] RIP: 0033:0x7f59dc9347cb [ +0.003648] C\u00f3digo: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48 [ +0. 018753] RSP : 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb [ +0. 007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748 [ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000 [ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000 [ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 5: 0000000000000000 [+0.007151] [+0.002204] ---[ final de seguimiento 0000000000000000 ]--- Solucionar esto comprobando si el programa XDP se est\u00e1 cargando o descargando. Luego, bloquee solo la carga de un nuevo programa mientras \"__I40E_IN_REMOVE\" est\u00e9 configurado. Adem\u00e1s, mueva el indicador de prueba \"__I40E_IN_REMOVE\" al comienzo de la devoluci\u00f3n de llamada XDP_SETUP para evitar operaciones y comprobaciones innecesarias."}], "id": "CVE-2024-41047", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:13.027", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0075b8c94d76830c7b6f018f6e4eeb0bf6465fdc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/01fc5142ae6b06b61ed51a624f2732d6525d8ea3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4bc336b2345f1485438c0eb7246d9c8a8d09f8ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5266302cb2c74d8ab0e9a69d5752fffaea70496e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b399a68054dfb36eed121846ef5fcddba40b7740"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: i40e: Fix XDP program unloading while removing the driver", "id": "2300417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300417"}, "csaw": false, "cvss3": {"cvss3_base_score": "1.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-372", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ni40e: Fix XDP program unloading while removing the driver\nThe commit 6533e558c650 (\"i40e: Fix reset path while removing\nthe driver\") introduced a new PF state \"__I40E_IN_REMOVE\" to block\nmodifying the XDP program while the driver is being removed.\nUnfortunately, such a change is useful only if the \".ndo_bpf()\"\ncallback was called out of the rmmod context because unloading the\nexisting XDP program is also a part of driver removing procedure.\nIn other words, from the rmmod context the driver is expected to\nunload the XDP program without reporting any errors. Otherwise,\nthe kernel warning with callstack is printed out to dmesg.\nExample failing scenario:\n1. Load the i40e driver.\n2. Load the XDP program.\n3. Unload the i40e driver (using \"rmmod\" command).\nThe example kernel warning log:\n[ +0.004646] WARNING: CPU: 94 PID: 10395 at net/core/dev.c:9290 unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.010959] RIP: 0010:unregister_netdevice_many_notify+0x7a9/0x870\n[...]\n[ +0.002726] Call Trace:\n[ +0.002457] <TASK>\n[ +0.002119] ? __warn+0x80/0x120\n[ +0.003245] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005586] ? report_bug+0x164/0x190\n[ +0.003678] ? handle_bug+0x3c/0x80\n[ +0.003503] ? exc_invalid_op+0x17/0x70\n[ +0.003846] ? asm_exc_invalid_op+0x1a/0x20\n[ +0.004200] ? unregister_netdevice_many_notify+0x7a9/0x870\n[ +0.005579] ? unregister_netdevice_many_notify+0x3cc/0x870\n[ +0.005586] unregister_netdevice_queue+0xf7/0x140\n[ +0.004806] unregister_netdev+0x1c/0x30\n[ +0.003933] i40e_vsi_release+0x87/0x2f0 [i40e]\n[ +0.004604] i40e_remove+0x1a1/0x420 [i40e]\n[ +0.004220] pci_device_remove+0x3f/0xb0\n[ +0.003943] device_release_driver_internal+0x19f/0x200\n[ +0.005243] driver_detach+0x48/0x90\n[ +0.003586] bus_remove_driver+0x6d/0xf0\n[ +0.003939] pci_unregister_driver+0x2e/0xb0\n[ +0.004278] i40e_exit_module+0x10/0x5f0 [i40e]\n[ +0.004570] __do_sys_delete_module.isra.0+0x197/0x310\n[ +0.005153] do_syscall_64+0x85/0x170\n[ +0.003684] ? syscall_exit_to_user_mode+0x69/0x220\n[ +0.004886] ? do_syscall_64+0x95/0x170\n[ +0.003851] ? exc_page_fault+0x7e/0x180\n[ +0.003932] entry_SYSCALL_64_after_hwframe+0x71/0x79\n[ +0.005064] RIP: 0033:0x7f59dc9347cb\n[ +0.003648] Code: 73 01 c3 48 8b 0d 65 16 0c 00 f7 d8 64 89 01 48 83\nc8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f\n05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 16 0c 00 f7 d8 64 89 01 48\n[ +0.018753] RSP: 002b:00007ffffac99048 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n[ +0.007577] RAX: ffffffffffffffda RBX: 0000559b9bb2f6e0 RCX: 00007f59dc9347cb\n[ +0.007140] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000559b9bb2f748\n[ +0.007146] RBP: 00007ffffac99070 R08: 1999999999999999 R09: 0000000000000000\n[ +0.007133] R10: 00007f59dc9a5ac0 R11: 0000000000000206 R12: 0000000000000000\n[ +0.007141] R13: 00007ffffac992d8 R14: 0000559b9bb2f6e0 R15: 0000000000000000\n[ +0.007151] </TASK>\n[ +0.002204] ---[ end trace 0000000000000000 ]---\nFix this by checking if the XDP program is being loaded or unloaded.\nThen, block only loading a new program while \"__I40E_IN_REMOVE\" is set.\nAlso, move testing \"__I40E_IN_REMOVE\" flag to the beginning of XDP_SETUP\ncallback to avoid unnecessary operations and checks."], "name": "CVE-2024-41047", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41047\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41047\nhttps://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41047-f253@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.163, kernel 6.1.100, kernel 6.6.41, kernel 6.9.10, kernel 6.10"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object