Bug 2320568 (CVE-2024-50001) - CVE-2024-50001 kernel: net/mlx5: Fix error path in multi-packet WQE transmit
Summary: CVE-2024-50001 kernel: net/mlx5: Fix error path in multi-packet WQE transmit
Keywords:
Status: NEW
Alias: CVE-2024-50001
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2321023
Blocks:
Reported: 2024-10-21 19:11 UTC by OSIDB Bzimport
Modified: 2024-12-16 12:46 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-10-21 19:11:28 UTC
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix error path in multi-packet WQE transmit

Remove the erroneous unmap in case no DMA mapping was established

The multi-packet WQE transmit code attempts to obtain a DMA mapping for
the skb. This could fail, e.g. under memory pressure, when the IOMMU
driver just can't allocate more memory for page tables. While the code
tries to handle this in the path below the err_unmap label it erroneously
unmaps one entry from the sq's FIFO list of active mappings. Since the
current map attempt failed this unmap is removing some random DMA mapping
that might still be required. If the PCI function now presents that IOVA,
the IOMMU may assume a rogue DMA access and e.g. on s390 puts the PCI
function in error state.

The erroneous behavior was seen in a stress-test environment that created
memory pressure.

Comment 2 Avinash Hanwate 2024-10-23 03:58:58 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102139-CVE-2024-50001-67e4@gregkh/T
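
The error path described in the bug description, as an added user-space model that is not the mlx5 driver's code: a failed map attempt pushes nothing onto the send queue's FIFO, so an unmap on the error path removes a mapping that belongs to an earlier packet. All names (`sq_model`, `xmit_model`, `fifo_unmap_last`, the IOVA values) are hypothetical and constructed for illustration.

```c
/* Toy model (constructed; not kernel code) of an SQ's FIFO of active DMA
 * mappings and the err_unmap behaviour described for CVE-2024-50001. */
#include <stdbool.h>
#include <stddef.h>

#define FIFO_SZ 8

struct sq_model {
    unsigned long iova[FIFO_SZ]; /* active mappings, in push order */
    size_t count;
};

/* Stand-in for a DMA map call; returns 0 on failure (e.g. the IOMMU
 * driver cannot allocate page-table memory). */
static unsigned long model_dma_map(bool fail, unsigned long iova)
{
    return fail ? 0 : iova;
}

/* Drops the most recently pushed mapping, as an unmap-on-error would. */
static void fifo_unmap_last(struct sq_model *sq)
{
    if (sq->count)
        sq->iova[--sq->count] = 0;
}

/* Returns 0 on success, -1 when no mapping could be established. */
static int xmit_model(struct sq_model *sq, bool map_fails,
                      unsigned long iova, bool buggy)
{
    unsigned long addr = model_dma_map(map_fails, iova);

    if (!addr)
        goto err;
    if (sq->count < FIFO_SZ)
        sq->iova[sq->count++] = addr; /* mapping recorded only on success */
    return 0;
err:
    if (buggy)
        fifo_unmap_last(sq); /* nothing was pushed: hits an earlier packet's mapping */
    return -1;               /* fixed path: no unmap when no mapping exists */
}

/* Mappings still active after two good transmits and one failed map. */
size_t active_after_failure(bool buggy)
{
    struct sq_model sq = {0};

    xmit_model(&sq, false, 0x1000, false);
    xmit_model(&sq, false, 0x2000, false);
    xmit_model(&sq, true, 0x3000, buggy);
    return sq.count;
}
```

With the buggy error path one of the two in-flight mappings is gone after the failed attempt; with the unmap removed both remain.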
