| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024120452-CVE-2024-53138-1849@gregkh>
Date: Wed, 4 Dec 2024 15:21:01 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting
The kTLS tx handling code is using a mix of get_page() and
page_ref_inc() APIs to increment the page reference. But on the release
path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.
This is an issue when using pages from large folios: the get_page()
references are stored on the folio page while the page_ref_inc()
references are stored directly in the given page. On release the folio
page will be dereferenced too many times.
This was found while doing kTLS testing with sendfile() + ZC when the
served file was read from NFS on a kernel with NFS large folios support
(commit 49b29a573da8 ("nfs: add support for large folios")).
The Linux kernel CVE team has assigned CVE-2024-53138 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.4 with commit 84d1bb2b139e and fixed in 6.1.119 with commit 69fbd07f17b0
Issue introduced in 5.4 with commit 84d1bb2b139e and fixed in 6.6.63 with commit 93a14620b97c
Issue introduced in 5.4 with commit 84d1bb2b139e and fixed in 6.11.10 with commit 2723e8b2cbd4
Issue introduced in 5.4 with commit 84d1bb2b139e and fixed in 6.12 with commit dd6e972cc589
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-53138
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/69fbd07f17b0fdaf8970bc705f5bf115c297839d
https://git.kernel.org/stable/c/93a14620b97c911489a5b008782f3d9b0c4aeff4
https://git.kernel.org/stable/c/2723e8b2cbd486cb96e5a61b22473f7fd62e18df
https://git.kernel.org/stable/c/dd6e972cc5890d91d6749bb48e3912721c4e4b25
Powered by blists - more mailing lists