CVE-2024-57801 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0
https://git.kernel.org/stable/c/47c78d3fc26e38ab805613a0f592dc8a820c7c64
https://git.kernel.org/stable/c/5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be

History

Wed, 15 Jan 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded.
Title		net/mlx5e: Skip restore TC rules for vport rep without loaded flag
References		https://git.kernel.org/stable/c/3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0 https://git.kernel.org/stable/c/47c78d3fc26e38ab805613a0f592dc8a820c7c64 https://git.kernel.org/stable/c/5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-01-15T13:10:24.619Z

Updated: 2025-01-15T13:10:24.619Z

Reserved: 2025-01-15T13:08:59.741Z

Link: CVE-2024-57801

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-15T13:15:11.713

Modified: 2025-01-15T13:15:11.713

Link: CVE-2024-57801

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57801", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-15T13:08:59.741Z", "datePublished": "2025-01-15T13:10:24.619Z", "dateUpdated": "2025-01-15T13:10:24.619Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-15T13:10:24.619Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Skip restore TC rules for vport rep without loaded flag\n\nDuring driver unload, unregister_netdev is called after unloading\nvport rep. So, the mlx5e_rep_priv is already freed while trying to get\nrpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free.\nSo add the checking to make sure access the data of vport rep which is\nstill loaded."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c", "drivers/net/ethernet/mellanox/mlx5/core/eswitch.h", "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c"], "versions": [{"version": "d1569537a837d66620aa7ffc2bddf918e902f227", "lessThan": "3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0", "status": "affected", "versionType": "git"}, {"version": "d1569537a837d66620aa7ffc2bddf918e902f227", "lessThan": "47c78d3fc26e38ab805613a0f592dc8a820c7c64", "status": "affected", "versionType": "git"}, {"version": "d1569537a837d66620aa7ffc2bddf918e902f227", "lessThan": "5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c", "drivers/net/ethernet/mellanox/mlx5/core/eswitch.h", "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.70", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.9", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0"}, {"url": "https://git.kernel.org/stable/c/47c78d3fc26e38ab805613a0f592dc8a820c7c64"}, {"url": "https://git.kernel.org/stable/c/5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be"}], "title": "net/mlx5e: Skip restore TC rules for vport rep without loaded flag", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}