{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50001", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.058Z", "datePublished": "2024-10-21T18:02:40.254Z", "dateUpdated": "2024-11-05T09:53:15.452Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:53:15.452Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"], "versions": [{"version": "5af75c747e2a", "lessThan": "ca36d6c1a49b", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "ce828b347cf1", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "fc357e781769", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "26fad69b34fc", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "ecf310aaf256", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "8bb8c12fb5e2", "status": "affected", "versionType": "git"}, {"version": "5af75c747e2a", "lessThan": "2bcae12c795f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625"}, {"url": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5"}, {"url": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4"}, {"url": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754"}, {"url": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72"}, {"url": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5"}, {"url": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32"}], "title": "net/mlx5: Fix error path in multi-packet WQE transmit", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:29:57.852551Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:38:41.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:29:57.852551Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:30:01.049Z"}}], "cna": {"title": "net/mlx5: Fix error path in multi-packet WQE transmit", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5af75c747e2a", "lessThan": "ca36d6c1a49b", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "ce828b347cf1", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "fc357e781769", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "26fad69b34fc", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "ecf310aaf256", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "8bb8c12fb5e2", "versionType": "git"}, {"status": "affected", "version": "5af75c747e2a", "lessThan": "2bcae12c795f", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_tx.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625"}, {"url": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5"}, {"url": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4"}, {"url": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754"}, {"url": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72"}, {"url": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5"}, {"url": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:53:15.452Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50001", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:53:15.452Z", "dateReserved": "2024-10-21T12:17:06.058Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:02:40.254Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "658E9248-9CAC-4A1E-A483-039DF6CCAF8C", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Corregir ruta de error en transmisi\u00f3n WQE de paquetes m\u00faltiples Eliminar la desasignaci\u00f3n err\u00f3nea en caso de que no se haya establecido una asignaci\u00f3n DMA El c\u00f3digo de transmisi\u00f3n WQE de paquetes m\u00faltiples intenta obtener una asignaci\u00f3n DMA para el skb. Esto podr\u00eda fallar, por ejemplo, bajo presi\u00f3n de memoria, cuando el controlador IOMMU simplemente no puede asignar m\u00e1s memoria para las tablas de p\u00e1ginas. Si bien el c\u00f3digo intenta manejar esto en la ruta debajo de la etiqueta err_unmap, desasigna err\u00f3neamente una entrada de la lista FIFO de asignaciones activas del sq. Dado que el intento de asignaci\u00f3n actual fall\u00f3, esta desasignaci\u00f3n est\u00e1 eliminando alguna asignaci\u00f3n DMA aleatoria que a\u00fan podr\u00eda ser necesaria. Si la funci\u00f3n PCI ahora presenta ese IOVA, el IOMMU puede asumir un acceso DMA no autorizado y, por ejemplo, en s390 pone la funci\u00f3n PCI en estado de error. El comportamiento err\u00f3neo se observ\u00f3 en un entorno de prueba de estr\u00e9s que cre\u00f3 presi\u00f3n de memoria."}], "id": "CVE-2024-50001", "lastModified": "2024-10-30T21:59:44.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T18:15:20.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net/mlx5: Fix error path in multi-packet WQE transmit", "id": "2320568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320568"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Fix error path in multi-packet WQE transmit\nRemove the erroneous unmap in case no DMA mapping was established\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure."], "name": "CVE-2024-50001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50001\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50001\nhttps://lore.kernel.org/linux-cve-announce/2024102139-CVE-2024-50001-67e4@gregkh/T"], "threat_severity": "Moderate"}