CVE-2024-47687

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47687
Published
2024-10-21T12:15:05Z
Modified
2024-10-23T16:50:09.149028Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

vdpa/mlx5: Fix invalid mr resource destroy

Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place.

This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() to block releasing non-initialized mr resources.

Reference trace:

mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 140216067 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
Code: [...]
RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246
RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000
RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670
R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000
R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea
FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
? show_trace_log_lvl+0x1c4/0x2df
? show_trace_log_lvl+0x1c4/0x2df
? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
? __die_body.cold+0x8/0xd
? page_fault_oops+0x134/0x170
? __irq_work_queue_local+0x2b/0xc0
? irq_work_queue+0x2c/0x50
? exc_page_fault+0x62/0x150
? asm_exc_page_fault+0x22/0x30
? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]
? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
vdpa_release_dev+0x1e/0x50 [vdpa]
device_release+0x31/0x90
kobject_cleanup+0x37/0x130
mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]
vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]
genl_family_rcv_msg_doit+0xd9/0x130
genl_family_rcv_msg+0x14d/0x220
? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]
? _copy_to_user+0x1a/0x30
? move_addr_to_user+0x4b/0xe0
genl_rcv_msg+0x47/0xa0
? __import_iovec+0x46/0x150
? __pfx_genl_rcv_msg+0x10/0x10
netlink_rcv_skb+0x54/0x100
genl_rcv+0x24/0x40
netlink_unicast+0x245/0x370
netlink_sendmsg+0x206/0x440
__sys_sendto+0x1dc/0x1f0
? do_read_fault+0x10c/0x1d0
? do_pte_missing+0x10d/0x190
__x64_sys_sendto+0x20/0x30
do_syscall_64+0x5c/0xf0
? __count_memcg_events+0x4f/0xb0
? mm_account_fault+0x6c/0x100
? handle_mm_fault+0x116/0x270
? do_user_addr_fault+0x1d6/0x6a0
? do_syscall_64+0x6b/0xf0
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
? clear_bhb_loop+0x25/0x80
entry_SYSCALL_64_after_hwframe+0x78/0x80

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.11.2-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1
6.9.8-1
6.9.9-1
6.9.10-1~bpo12+1
6.9.10-1
6.9.11-1
6.9.12-1
6.10-1~exp1
6.10.1-1~exp1
6.10.3-1
6.10.4-1
6.10.6-1~bpo12+1
6.10.6-1
6.10.7-1
6.10.9-1
6.10.11-1~bpo12+1
6.10.11-1
6.10.12-1
6.11~rc4-1~exp1
6.11~rc5-1~exp1
6.11-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}