CVE-2024-45017

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45017
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45017.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45017
Related
Published
2024-09-11T16:15:06Z
Modified
2024-09-18T03:26:37.970590Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix IPsec RoCE MPV trace call

Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec.

WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 downread+0x75/0x94 Modules linked in: esp4offload esp4 actmirred actvlan clsflower schingress mlx5vdpa vringh vhostiotlb vdpa mstpciconf(OE) nfsv3 nfsacl nfs lockd grace fscache netfs xtCHECKSUM xtMASQUERADE xtconntrack iptREJECT nfrejectipv4 nftcompat nftcounter nftchainnat nfnat nfconntrack nfdefragipv6 nfdefragipv4 rfkill cuse fuse rpcrdma sunrpc rdmaucm ibsrpt ibisert iscsitargetmod targetcoremod ibumad ibiser libiscsi scsitransportiscsi rdmacm ibipoib iwcm ibcm ipmissif intelraplmsr intelraplcommon amd64edac edacmceamd kvmamd kvm irqbypass crct10difpclmul crc32pclmul mlx5ib ghashclmulniintel sha1ssse3 dellsmbios ibuverbs aesniintel cryptosimd dcdbas wmibmof dellwmidescriptor cryptd pcspkr ibcore acpiipmi sp5100tco ccp i2cpiix4 ipmisi ptdma k10temp ipmidevintf ipmimsghandler acpipowermeter acpicpufreq ext4 mbcache jbd2 sdmod t10pi sg mgag200 drmkmshelper syscopyarea sysfillrect mlx5core sysimgblt fbsysfops cec ahci libahci mlxfw drm pcihypervintf libata tg3 sha256ssse3 tls megaraidsas i2calgobit psample wmi dmmirror dmregionhash dmlog dmmod [last unloaded: mstpci] CPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7u3updatev6.6ipsecbf.x8664 #2 Hardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021 Workqueue: events xfrmstategctask RIP: 0010:downread+0x75/0x94 Code: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0 RSP: 0018:ffffb26387773da8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000 RBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540 R13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905 FS: 0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0 Call Trace: <TASK> ? showtraceloglvl+0x1d6/0x2f9 ? showtraceloglvl+0x1d6/0x2f9 ? mlx5devcomforeachpeerbegin+0x29/0x60 [mlx5core] ? downread+0x75/0x94 ? warn+0x80/0x113 ? downread+0x75/0x94 ? reportbug+0xa4/0x11d ? handlebug+0x35/0x8b ? excinvalidop+0x14/0x75 ? asmexcinvalidop+0x16/0x1b ? downread+0x75/0x94 ? downread+0xe/0x94 mlx5devcomforeachpeerbegin+0x29/0x60 [mlx5core] mlx5ipsecfsrocetxdestroy+0xb1/0x130 [mlx5core] txdestroy+0x1b/0xc0 [mlx5core] txftput+0x53/0xc0 [mlx5core] mlx5exfrmfreestate+0x45/0x90 [mlx5core] xfrmstatedestroy+0x10f/0x1a2 xfrmstategctask+0x81/0xa9 processonework+0x1f1/0x3c6 workerthread+0x53/0x3e4 ? processonework.cold+0x46/0x3c kthread+0x127/0x144 ? setkthreadstruct+0x60/0x52 retfrom_fork+0x22/0x2d </TASK> ---[ end trace 5ef7896144d398e1 ]---

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.10.7-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1
6.9.8-1
6.9.9-1
6.9.10-1~bpo12+1
6.9.10-1
6.9.11-1
6.9.12-1
6.10-1~exp1
6.10.1-1~exp1
6.10.3-1
6.10.4-1
6.10.6-1~bpo12+1
6.10.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}