{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43846", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.275Z", "datePublished": "2024-08-17T09:22:00.481Z", "dateUpdated": "2024-11-05T09:41:01.081Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:41:01.081Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/objagg.c"], "versions": [{"version": "9069a3817d82", "lessThan": "816126336215", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "22ae17a267f4", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "565213e00555", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "5adc61d29bbb", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "1936fa05a180", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "499f742fed42", "status": "affected", "versionType": "git"}, {"version": "9069a3817d82", "lessThan": "b4a3a89fffcd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/objagg.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a"}, {"url": "https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc"}, {"url": "https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170"}, {"url": "https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7"}, {"url": "https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb"}, {"url": "https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc"}, {"url": "https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d"}], "title": "lib: objagg: Fix general protection fault", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43846", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:07:39.903240Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:21.861Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43846", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:07:39.903240Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.001Z"}}], "cna": {"title": "lib: objagg: Fix general protection fault", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9069a3817d82", "lessThan": "816126336215", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "22ae17a267f4", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "565213e00555", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "5adc61d29bbb", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "1936fa05a180", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "499f742fed42", "versionType": "git"}, {"status": "affected", "version": "9069a3817d82", "lessThan": "b4a3a89fffcd", "versionType": "git"}], "programFiles": ["lib/objagg.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.1"}, {"status": "unaffected", "version": "0", "lessThan": "5.1", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.282", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["lib/objagg.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a"}, {"url": "https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc"}, {"url": "https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170"}, {"url": "https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7"}, {"url": "https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb"}, {"url": "https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc"}, {"url": "https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:54:11.219Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43846", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:54:11.219Z", "dateReserved": "2024-08-17T09:11:59.275Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:22:00.481Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB327727-E3BB-4E46-A8EC-12AD13E62544", "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib: objagg: soluciona un fallo de protecci\u00f3n general. La librer\u00eda admite la agregaci\u00f3n de objetos en otros objetos s\u00f3lo si el objeto principal no tiene un padre en s\u00ed. Es decir, no se admite el anidamiento. La agregaci\u00f3n ocurre en dos casos: sin y con sugerencias, donde las sugerencias son una recomendaci\u00f3n calculada previamente sobre c\u00f3mo agregar los objetos proporcionados. El anidamiento no es posible en el primer caso debido a una verificaci\u00f3n que lo impide, pero en el segundo caso no hay verificaci\u00f3n porque se supone que el anidamiento no puede ocurrir cuando se crean objetos basados en sugerencias. La violaci\u00f3n de este supuesto conduce a diversas advertencias y eventualmente a un fallo de protecci\u00f3n general [1]. Antes de solucionar la causa ra\u00edz, elimine el error cuando se produzca el anidamiento y advierta. [1] falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdead000000000d90: 0000 [#1] CPU PREEMPT SMP PTI: 1 PID: 1083 Comm: kworker/1:9 Tainted: GW 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Nombre del hardware: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 06/01/2019 Cola de trabajo: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] Rastreo de llamadas: acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e /0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 Process_one_work+0x151/0x370 trabajador_thread+0x2cb/0x3e0 kthread+0xd0/0x100 x34/0x50 ret_from_fork_asm+0x1a/0x30 "}], "id": "CVE-2024-43846", "lastModified": "2024-10-25T19:52:01.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T10:15:09.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: lib: objagg: Fix general protection fault", "id": "2305504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305504"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-200", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlib: objagg: Fix general protection fault\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\nBefore fixing the root cause, error out when nesting happens and warn.\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n<TASK>\nmlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\nmlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\nmlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\nmlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\nprocess_one_work+0x151/0x370\nworker_thread+0x2cb/0x3e0\nkthread+0xd0/0x100\nret_from_fork+0x34/0x50\nret_from_fork_asm+0x1a/0x30\n</TASK>"], "name": "CVE-2024-43846", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43846\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43846\nhttps://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T"], "threat_severity": "Moderate"}