| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061949-CVE-2024-38544-601b@gregkh> Date: Wed, 19 Jun 2024 15:35:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-38544: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a seg fault. This has been observed infrequently in testing at high scale. This patch fixes this by changing the order of enqueuing the packet until after the counter is accessed. The Linux kernel CVE team has assigned CVE-2024-38544 to this issue. Affected and fixed versions =========================== Issue introduced in 4.12 with commit 0b1e5b99a48b and fixed in 6.1.93 with commit faa8d0ecf6c9 Issue introduced in 4.12 with commit 0b1e5b99a48b and fixed in 6.6.33 with commit 21b4c6d4d890 Issue introduced in 4.12 with commit 0b1e5b99a48b and fixed in 6.8.12 with commit bbad88f111a1 Issue introduced in 4.12 with commit 0b1e5b99a48b and fixed in 6.9.3 with commit 30df4bef8b8e Issue introduced in 4.12 with commit 0b1e5b99a48b and fixed in 6.10-rc1 with commit 2b23b6097303 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-38544 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/sw/rxe/rxe_comp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19 https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794 https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552c7da6eb https://git.kernel.org/stable/c/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6
Powered by blists - more mailing lists