{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46799", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.280Z", "datePublished": "2024-09-18T07:12:53.508Z", "dateUpdated": "2024-12-19T09:23:22.922Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:23:22.922Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX\n\nIf number of TX queues are set to 1 we get a NULL pointer\ndereference during XDP_TX.\n\n~# ethtool -L eth0 tx 1\n~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2\nTransmitting on eth0 (ifindex 2)\n[ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\n\nFix this by using actual TX queues instead of max TX queues\nwhen picking the TX channel in am65_cpsw_ndo_xdp_xmit()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ti/am65-cpsw-nuss.c"], "versions": [{"version": "8acacc40f7337527ff84cd901ed2ef0a2b95b2b6", "lessThan": "2e7189d2b1de51fc2567676cd4f96c0fe0960b9f", "status": "affected", "versionType": "git"}, {"version": "8acacc40f7337527ff84cd901ed2ef0a2b95b2b6", "lessThan": "0a50c35277f96481a5a6ed5faf347f282040c57d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ti/am65-cpsw-nuss.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2e7189d2b1de51fc2567676cd4f96c0fe0960b9f"}, {"url": "https://git.kernel.org/stable/c/0a50c35277f96481a5a6ed5faf347f282040c57d"}], "title": "net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:21:59.771097Z", "id": "CVE-2024-46799", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:22:10.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:21:59.771097Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:22:01.101Z"}}], "cna": {"title": "net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8acacc40f733", "lessThan": "2e7189d2b1de", "versionType": "git"}, {"status": "affected", "version": "8acacc40f733", "lessThan": "0a50c35277f9", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/ti/am65-cpsw-nuss.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.10"}, {"status": "unaffected", "version": "0", "lessThan": "6.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/ti/am65-cpsw-nuss.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2e7189d2b1de51fc2567676cd4f96c0fe0960b9f"}, {"url": "https://git.kernel.org/stable/c/0a50c35277f96481a5a6ed5faf347f282040c57d"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX\n\nIf number of TX queues are set to 1 we get a NULL pointer\ndereference during XDP_TX.\n\n~# ethtool -L eth0 tx 1\n~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2\nTransmitting on eth0 (ifindex 2)\n[ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\n\nFix this by using actual TX queues instead of max TX queues\nwhen picking the TX channel in am65_cpsw_ndo_xdp_xmit()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:46:51.396Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46799", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:46:51.396Z", "dateReserved": "2024-09-11T15:12:18.280Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-18T07:12:53.508Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D16659A9-BECD-4E13-8994-B096652762E2", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX\n\nIf number of TX queues are set to 1 we get a NULL pointer\ndereference during XDP_TX.\n\n~# ethtool -L eth0 tx 1\n~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2\nTransmitting on eth0 (ifindex 2)\n[ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\n\nFix this by using actual TX queues instead of max TX queues\nwhen picking the TX channel in am65_cpsw_ndo_xdp_xmit()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: ti: am65-cpsw: Corregir la desreferencia NULL en XDP_TX Si el n\u00famero de colas TX se establece en 1, obtenemos una desreferencia de puntero NULL durante XDP_TX. ~# ethtool -L eth0 tx 1 ~# ./xdp-trafficgen udp -A -a eth0 -t 2 Transmitiendo en eth0 (ifindex 2) [ 241.135257] No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000030 Solucione esto utilizando colas TX reales en lugar de colas TX m\u00e1ximas al seleccionar el canal TX en am65_cpsw_ndo_xdp_xmit()."}], "id": "CVE-2024-46799", "lastModified": "2024-09-23T16:17:21.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-18T08:15:06.523", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0a50c35277f96481a5a6ed5faf347f282040c57d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e7189d2b1de51fc2567676cd4f96c0fe0960b9f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX", "id": "2313147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313147"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX\nIf number of TX queues are set to 1 we get a NULL pointer\ndereference during XDP_TX.\n~# ethtool -L eth0 tx 1\n~# ./xdp-trafficgen udp -A <ipv6-src> -a <ipv6-dst> eth0 -t 2\nTransmitting on eth0 (ifindex 2)\n[ 241.135257] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\nFix this by using actual TX queues instead of max TX queues\nwhen picking the TX channel in am65_cpsw_ndo_xdp_xmit().", "A vulnerability was found in the Linux kernel's net: ethernet: ti: am65-cpsw driver, which caused a NULL pointer dereference when Express Data Path (XDP) traffic was transmitted with only one TX queue configured. This issue occurred due to the incorrect use of the maximum number of TX queues instead of the actual number in the am65_cpsw_ndo_xdp_xmit() function."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-46799", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46799\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46799\nhttps://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46799-cc5c@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}