CVE-2024-42142
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42142
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42142.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42142
- Downstream
- Related
- Published
- 2024-07-30T07:46:35.929Z
- Modified
- 2025-11-20T05:46:13.572927Z
- Summary
- net/mlx5: E-switch, Create ingress ACL when needed
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: E-switch, Create ingress ACL when needed
Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command:
# devlink dev param set pci/0000:08:00.0 name eswportmetadata \ value false cmode runtime
If ingress acl is not created, will hit panic when creating drop rule for active-backup lag mode. If always create it, there will be about 5% performance degradation.
Fix it by creating ingress acl when needed. If eswportmetadata is true, ingress acl exists, then create drop rule using existing ingress acl. If eswportmetadata is false, create ingress acl and then create drop rule.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324
- https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320
- https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2
- https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1749c4c51c16e3e078faae0a876d01bafb187a74Fixedbc3ff8d3c05044de57865ebbb78cca8f7da3e595
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1749c4c51c16e3e078faae0a876d01bafb187a74Fixed3e3551f8702978cd2221d2614ca6d6727e785324
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1749c4c51c16e3e078faae0a876d01bafb187a74Fixed83bc1a129f7fd0d7d05036ceb7ee69102624e320
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1749c4c51c16e3e078faae0a876d01bafb187a74Fixedb20c2fb45470d0c7a603613c9cfa5d45720e17f2
Affected versions
v5.*
v5.17
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_src_port_drop_create"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e3551f8702978cd2221d2614ca6d6727e785324",
"digest": {
"length": 442.0,
"function_hash": "325006601776650110169287295632238286290"
},
"id": "CVE-2024-42142-0f95219c"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_src_port_drop_create"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bc3ff8d3c05044de57865ebbb78cca8f7da3e595",
"digest": {
"length": 442.0,
"function_hash": "325006601776650110169287295632238286290"
},
"id": "CVE-2024-42142-3255ab77"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_ofld_setup"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bc3ff8d3c05044de57865ebbb78cca8f7da3e595",
"digest": {
"length": 833.0,
"function_hash": "21191204161646357910054972490057372145"
},
"id": "CVE-2024-42142-3450dd9c"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bc3ff8d3c05044de57865ebbb78cca8f7da3e595",
"digest": {
"line_hashes": [
"33351442920846663225577037990667422909",
"333066359996248460836443472428573945767",
"306695410382636242024059471247048373596",
"157320683446816334939961841648130730308",
"286402769078596223251698330285638659470",
"305314421443730750967323586282573055044",
"123093605059438553005973919575735972664",
"225320969359100925179367903373493577011",
"278894632901774336586460331306145732924",
"300778312348194928475399700609197951834",
"103455162186633268504931736649471913024",
"241687989276396466134014884579405960212",
"7745651779992194333159294202159211643",
"144837349564846677626655552422284737500",
"138069296204488530521902307905896610418",
"101857252022498396990656890763533971558",
"249715397915753729960512979412164311083",
"291120831399750160941739747258070379674",
"24959310995135167337601713093044222017",
"177771893748604242233861395966172971277",
"157660787602095957097441812812169139142",
"313783136932387777370128977988868959693",
"247706041336482678292122164530095424760",
"250898937744720794643855970490494185756",
"278170404188861750562572223892713064631",
"178579157292760998999749941378434147160",
"273665854618948786820156692815161302675",
"104421257854326925143177026794329917155",
"46331284598401912866443014061951365348",
"167152760335004759539530705097801994657",
"307084181247398712249453291070552383342"
],
"threshold": 0.9
},
"id": "CVE-2024-42142-488d24c4"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_src_port_drop_create"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83bc1a129f7fd0d7d05036ceb7ee69102624e320",
"digest": {
"length": 442.0,
"function_hash": "325006601776650110169287295632238286290"
},
"id": "CVE-2024-42142-5eae6077"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_ofld_setup"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b20c2fb45470d0c7a603613c9cfa5d45720e17f2",
"digest": {
"length": 833.0,
"function_hash": "21191204161646357910054972490057372145"
},
"id": "CVE-2024-42142-60f3b12f"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_src_port_drop_create"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b20c2fb45470d0c7a603613c9cfa5d45720e17f2",
"digest": {
"length": 442.0,
"function_hash": "325006601776650110169287295632238286290"
},
"id": "CVE-2024-42142-7279b6c2"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e3551f8702978cd2221d2614ca6d6727e785324",
"digest": {
"line_hashes": [
"33351442920846663225577037990667422909",
"333066359996248460836443472428573945767",
"306695410382636242024059471247048373596",
"157320683446816334939961841648130730308",
"286402769078596223251698330285638659470",
"305314421443730750967323586282573055044",
"123093605059438553005973919575735972664",
"225320969359100925179367903373493577011",
"278894632901774336586460331306145732924",
"300778312348194928475399700609197951834",
"103455162186633268504931736649471913024",
"241687989276396466134014884579405960212",
"7745651779992194333159294202159211643",
"144837349564846677626655552422284737500",
"138069296204488530521902307905896610418",
"101857252022498396990656890763533971558",
"249715397915753729960512979412164311083",
"291120831399750160941739747258070379674",
"24959310995135167337601713093044222017",
"177771893748604242233861395966172971277",
"157660787602095957097441812812169139142",
"313783136932387777370128977988868959693",
"247706041336482678292122164530095424760",
"250898937744720794643855970490494185756",
"278170404188861750562572223892713064631",
"178579157292760998999749941378434147160",
"273665854618948786820156692815161302675",
"104421257854326925143177026794329917155",
"46331284598401912866443014061951365348",
"167152760335004759539530705097801994657",
"307084181247398712249453291070552383342"
],
"threshold": 0.9
},
"id": "CVE-2024-42142-915d1ad5"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83bc1a129f7fd0d7d05036ceb7ee69102624e320",
"digest": {
"line_hashes": [
"33351442920846663225577037990667422909",
"333066359996248460836443472428573945767",
"306695410382636242024059471247048373596",
"157320683446816334939961841648130730308",
"286402769078596223251698330285638659470",
"305314421443730750967323586282573055044",
"123093605059438553005973919575735972664",
"225320969359100925179367903373493577011",
"278894632901774336586460331306145732924",
"300778312348194928475399700609197951834",
"103455162186633268504931736649471913024",
"241687989276396466134014884579405960212",
"7745651779992194333159294202159211643",
"144837349564846677626655552422284737500",
"138069296204488530521902307905896610418",
"101857252022498396990656890763533971558",
"249715397915753729960512979412164311083",
"291120831399750160941739747258070379674",
"24959310995135167337601713093044222017",
"177771893748604242233861395966172971277",
"157660787602095957097441812812169139142",
"313783136932387777370128977988868959693",
"247706041336482678292122164530095424760",
"250898937744720794643855970490494185756",
"278170404188861750562572223892713064631",
"178579157292760998999749941378434147160",
"273665854618948786820156692815161302675",
"104421257854326925143177026794329917155",
"46331284598401912866443014061951365348",
"167152760335004759539530705097801994657",
"307084181247398712249453291070552383342"
],
"threshold": 0.9
},
"id": "CVE-2024-42142-b313001a"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b20c2fb45470d0c7a603613c9cfa5d45720e17f2",
"digest": {
"line_hashes": [
"33351442920846663225577037990667422909",
"333066359996248460836443472428573945767",
"306695410382636242024059471247048373596",
"157320683446816334939961841648130730308",
"286402769078596223251698330285638659470",
"305314421443730750967323586282573055044",
"123093605059438553005973919575735972664",
"225320969359100925179367903373493577011",
"278894632901774336586460331306145732924",
"300778312348194928475399700609197951834",
"103455162186633268504931736649471913024",
"241687989276396466134014884579405960212",
"7745651779992194333159294202159211643",
"144837349564846677626655552422284737500",
"138069296204488530521902307905896610418",
"101857252022498396990656890763533971558",
"249715397915753729960512979412164311083",
"291120831399750160941739747258070379674",
"24959310995135167337601713093044222017",
"177771893748604242233861395966172971277",
"157660787602095957097441812812169139142",
"313783136932387777370128977988868959693",
"247706041336482678292122164530095424760",
"250898937744720794643855970490494185756",
"278170404188861750562572223892713064631",
"178579157292760998999749941378434147160",
"273665854618948786820156692815161302675",
"104421257854326925143177026794329917155",
"46331284598401912866443014061951365348",
"167152760335004759539530705097801994657",
"307084181247398712249453291070552383342"
],
"threshold": 0.9
},
"id": "CVE-2024-42142-c03b7c16"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_ofld_setup"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83bc1a129f7fd0d7d05036ceb7ee69102624e320",
"digest": {
"length": 833.0,
"function_hash": "21191204161646357910054972490057372145"
},
"id": "CVE-2024-42142-c17bf2e4"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c",
"function": "esw_acl_ingress_ofld_setup"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e3551f8702978cd2221d2614ca6d6727e785324",
"digest": {
"length": 833.0,
"function_hash": "21191204161646357910054972490057372145"
},
"id": "CVE-2024-42142-c40ee7e0"
}
]