Bug 2313132 (CVE-2024-46784) - CVE-2024-46784 kernel: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
Summary: CVE-2024-46784 kernel: net: mana: Fix error handling in mana_create_txq/rxq&#...
Keywords:
Status: NEW
Alias: CVE-2024-46784
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2313254
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-09-18 08:22 UTC by OSIDB Bzimport
Modified: 2024-09-18 12:24 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-09-18 08:22:57 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

Currently napi_disable() gets called during rxq and txq cleanup,
even before napi is enabled and hrtimer is initialized. It causes
kernel panic.

? page_fault_oops+0x136/0x2b0
  ? page_counter_cancel+0x2e/0x80
  ? do_user_addr_fault+0x2f2/0x640
  ? refill_obj_stock+0xc4/0x110
  ? exc_page_fault+0x71/0x160
  ? asm_exc_page_fault+0x27/0x30
  ? __mmdrop+0x10/0x180
  ? __mmdrop+0xec/0x180
  ? hrtimer_active+0xd/0x50
  hrtimer_try_to_cancel+0x2c/0xf0
  hrtimer_cancel+0x15/0x30
  napi_disable+0x65/0x90
  mana_destroy_rxq+0x4c/0x2f0
  mana_create_rxq.isra.0+0x56c/0x6d0
  ? mana_uncfg_vport+0x50/0x50
  mana_alloc_queues+0x21b/0x320
  ? skb_dequeue+0x5f/0x80
Comment 1 Michal Findra 2024-09-18 11:56:08 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.