CVE-2024-40940

In case of flow rule creation fail in mlx5lagcreateportsel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

352899f384d4aefa77ede6310d08c1b515612a8f

Fixed

531eab2da27dd42d68dfb841d82e987f4a6738b8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

352899f384d4aefa77ede6310d08c1b515612a8f

Fixed

d857df86837ac1c30592e8a068204d16feac9930

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

352899f384d4aefa77ede6310d08c1b515612a8f

Fixed

a03a3fa12769e25f4385bee587afe1445aee7f7a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

352899f384d4aefa77ede6310d08c1b515612a8f

Fixed

229bedbf62b13af5aba6525ad10b62ad38d9ccb5

Affected versions

v5.*

v5.18

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.7

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.8

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.9

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.10-rc1

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-40940-04f0d33b",
        "signature_version": "v1",
        "digest": {
            "length": 1670.0,
            "function_hash": "25286271356143379480414449222168807066"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@531eab2da27dd42d68dfb841d82e987f4a6738b8",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c",
            "function": "mlx5_lag_create_port_sel_table"
        }
    },
    {
        "id": "CVE-2024-40940-18ab5213",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115654919120744388173248131798181666502",
                "174071972506420511639088922674819025097",
                "129816357666325647508321452052290901961",
                "126326365162461214251149095675316810564",
                "212582191695053077822580049986792791773",
                "276058791699922885462465016116288780369"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a03a3fa12769e25f4385bee587afe1445aee7f7a",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
        }
    },
    {
        "id": "CVE-2024-40940-39ad7cc2",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115654919120744388173248131798181666502",
                "174071972506420511639088922674819025097",
                "129816357666325647508321452052290901961",
                "126326365162461214251149095675316810564",
                "212582191695053077822580049986792791773",
                "276058791699922885462465016116288780369"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@229bedbf62b13af5aba6525ad10b62ad38d9ccb5",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
        }
    },
    {
        "id": "CVE-2024-40940-4612f205",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115654919120744388173248131798181666502",
                "174071972506420511639088922674819025097",
                "129816357666325647508321452052290901961",
                "126326365162461214251149095675316810564",
                "212582191695053077822580049986792791773",
                "276058791699922885462465016116288780369"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d857df86837ac1c30592e8a068204d16feac9930",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
        }
    },
    {
        "id": "CVE-2024-40940-7017fb5c",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115654919120744388173248131798181666502",
                "174071972506420511639088922674819025097",
                "129816357666325647508321452052290901961",
                "126326365162461214251149095675316810564",
                "212582191695053077822580049986792791773",
                "276058791699922885462465016116288780369"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@531eab2da27dd42d68dfb841d82e987f4a6738b8",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
        }
    },
    {
        "id": "CVE-2024-40940-a0d37aef",
        "signature_version": "v1",
        "digest": {
            "length": 1670.0,
            "function_hash": "25286271356143379480414449222168807066"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d857df86837ac1c30592e8a068204d16feac9930",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c",
            "function": "mlx5_lag_create_port_sel_table"
        }
    },
    {
        "id": "CVE-2024-40940-a546f26e",
        "signature_version": "v1",
        "digest": {
            "length": 1670.0,
            "function_hash": "25286271356143379480414449222168807066"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@229bedbf62b13af5aba6525ad10b62ad38d9ccb5",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c",
            "function": "mlx5_lag_create_port_sel_table"
        }
    },
    {
        "id": "CVE-2024-40940-e85bcc49",
        "signature_version": "v1",
        "digest": {
            "length": 1670.0,
            "function_hash": "25286271356143379480414449222168807066"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a03a3fa12769e25f4385bee587afe1445aee7f7a",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c",
            "function": "mlx5_lag_create_port_sel_table"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

6.1.95

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.35

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.6