Bug 2265645 (CVE-2024-26586)
Summary: | CVE-2024-26586 kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 6.8-rc1, kernel 6.7.2, kernel 6.6.14, kernel 5.15.148, kernel 5.10.209, kernel 5.4.268 | Doc Type: | If docs needed, set a value |
Doc Text: |
A stack corruption flaw was found in the Linux kernel's Mellanox Technologies Spectrum Ethernet driver (mlxsw), triggered when a user initializes more than 16 access control lists (ACLs). This flaw allows a local user to crash the system or potentially escalate their privileges.
|
Bug Depends On: | 2265665 | ||
Bug Blocks: | 2265643 |
Description
Patrick Del Bello
2024-02-23 13:45:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265665]

Issue introduced in 4.19 with commit c3ab435466d5 and fixed in 5.10.209 with commit 56750ea5d154
Issue introduced in 4.19 with commit c3ab435466d5 and fixed in 5.15.148 with commit 348112522a35
Issue introduced in 4.19 with commit c3ab435466d5 and fixed in 6.6.14 with commit 2f5e15657404
Issue introduced in 4.19 with commit c3ab435466d5 and fixed in 6.7.2 with commit a361c2c1da5d
Issue introduced in 4.19 with commit c3ab435466d5 and fixed in 6.8-rc1 with commit 483ae90d8f97

This was fixed for Fedora with the 6.6.14 stable kernel updates.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:1882 https://access.redhat.com/errata/RHSA-2024:1882

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:1881 https://access.redhat.com/errata/RHSA-2024:1881

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2024:2008 https://access.redhat.com/errata/RHSA-2024:2008

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Via RHSA-2024:2006 https://access.redhat.com/errata/RHSA-2024:2006

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Via RHSA-2024:2585 https://access.redhat.com/errata/RHSA-2024:2585

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Via RHSA-2024:2582 https://access.redhat.com/errata/RHSA-2024:2582

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:2674 https://access.redhat.com/errata/RHSA-2024:2674