{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53138", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.996Z", "datePublished": "2024-12-04T14:20:43.395Z", "dateUpdated": "2024-12-19T09:40:07.399Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:40:07.399Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\"))."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c"], "versions": [{"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "a0ddb20a748b122ea86003485f7992fa5e84cc95", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "ffad2ac8c859c1c1a981fe9c4f7ff925db684a43", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "c7b97f9e794d8e2bbaa50e1d6c230196fd214b5e", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "69fbd07f17b0fdaf8970bc705f5bf115c297839d", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "93a14620b97c911489a5b008782f3d9b0c4aeff4", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "2723e8b2cbd486cb96e5a61b22473f7fd62e18df", "status": "affected", "versionType": "git"}, {"version": "84d1bb2b139e0184b1754aa1b5776186b475fce8", "lessThan": "dd6e972cc5890d91d6749bb48e3912721c4e4b25", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.287", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.119", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.63", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.10", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/a0ddb20a748b122ea86003485f7992fa5e84cc95"}, {"url": "https://git.kernel.org/stable/c/ffad2ac8c859c1c1a981fe9c4f7ff925db684a43"}, {"url": "https://git.kernel.org/stable/c/c7b97f9e794d8e2bbaa50e1d6c230196fd214b5e"}, {"url": "https://git.kernel.org/stable/c/69fbd07f17b0fdaf8970bc705f5bf115c297839d"}, {"url": "https://git.kernel.org/stable/c/93a14620b97c911489a5b008782f3d9b0c4aeff4"}, {"url": "https://git.kernel.org/stable/c/2723e8b2cbd486cb96e5a61b22473f7fd62e18df"}, {"url": "https://git.kernel.org/stable/c/dd6e972cc5890d91d6749bb48e3912721c4e4b25"}], "title": "net/mlx5e: kTLS, Fix incorrect page refcounting", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "56055120-91DC-4FB3-811E-77C96E66E078", "versionEndExcluding": "6.1.119", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5", "versionEndExcluding": "6.6.63", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A", "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\"))."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: kTLS, Fix wrong page refcounting El c\u00f3digo de manejo de tx de kTLS usa una combinaci\u00f3n de API get_page() y page_ref_inc() para incrementar la referencia de p\u00e1gina. Pero en la ruta de lanzamiento (mlx5e_ktls_tx_handle_resync_dump_comp()), solo se usa put_page(). Este es un problema cuando se usan p\u00e1ginas de folios grandes: las referencias get_page() se almacenan en la p\u00e1gina del folio mientras que las referencias page_ref_inc() se almacenan directamente en la p\u00e1gina dada. En el lanzamiento, la p\u00e1gina del folio se desreferenciar\u00e1 demasiadas veces. Esto se encontr\u00f3 al hacer pruebas de kTLS con sendfile() + ZC cuando el archivo servido se ley\u00f3 desde NFS en un kernel con soporte para folios grandes de NFS (commit 49b29a573da8 (\"nfs: agregar soporte para folios grandes\"))."}], "id": "CVE-2024-53138", "lastModified": "2024-12-14T21:15:38.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-04T15:15:13.983", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2723e8b2cbd486cb96e5a61b22473f7fd62e18df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/69fbd07f17b0fdaf8970bc705f5bf115c297839d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/93a14620b97c911489a5b008782f3d9b0c4aeff4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a0ddb20a748b122ea86003485f7992fa5e84cc95"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c7b97f9e794d8e2bbaa50e1d6c230196fd214b5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd6e972cc5890d91d6749bb48e3912721c4e4b25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ffad2ac8c859c1c1a981fe9c4f7ff925db684a43"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net/mlx5e: kTLS, Fix incorrect page refcounting", "id": "2330344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330344"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: kTLS, Fix incorrect page refcounting\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\"))."], "name": "CVE-2024-53138", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53138\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53138\nhttps://lore.kernel.org/linux-cve-announce/2024120452-CVE-2024-53138-1849@gregkh/T"], "threat_severity": "Moderate"}