CVE-2024-50296
Vulnerability from cvelistv5
Published
2024-11-19 01:30
Modified
2024-11-19 01:30
Severity ?
EPSS score ?
Summary
net: hns3: fix kernel crash when uninstalling driver
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0df055775f3",
"status": "affected",
"version": "b06ad258e013",
"versionType": "git"
},
{
"lessThan": "7ae4e56de7db",
"status": "affected",
"version": "c4b64011e458",
"versionType": "git"
},
{
"lessThan": "590a4b2d4e0b",
"status": "affected",
"version": "d36b15e3e7b5",
"versionType": "git"
},
{
"lessThan": "e36482b222e0",
"status": "affected",
"version": "0dd8a25f355b",
"versionType": "git"
},
{
"lessThan": "76b155e14d9b",
"status": "affected",
"version": "0dd8a25f355b",
"versionType": "git"
},
{
"lessThan": "719edd9f3372",
"status": "affected",
"version": "0dd8a25f355b",
"versionType": "git"
},
{
"lessThan": "b5c94e4d947d",
"status": "affected",
"version": "0dd8a25f355b",
"versionType": "git"
},
{
"lessThan": "df3dff8ab6d7",
"status": "affected",
"version": "0dd8a25f355b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hnae3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store()."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T01:30:43.318Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908"
},
{
"url": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d"
},
{
"url": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09"
},
{
"url": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d"
},
{
"url": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd"
},
{
"url": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b"
},
{
"url": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5"
},
{
"url": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18"
}
],
"title": "net: hns3: fix kernel crash when uninstalling driver",
"x_generator": {
"engine": "bippy-8e903de6a542"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50296",
"datePublished": "2024-11-19T01:30:43.318Z",
"dateReserved": "2024-10-21T19:36:19.986Z",
"dateUpdated": "2024-11-19T01:30:43.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50296\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:31.780\",\"lastModified\":\"2024-11-27T15:24:16.020\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: fix kernel crash when uninstalling driver\\n\\nWhen the driver is uninstalled and the VF is disabled concurrently, a\\nkernel crash occurs. The reason is that the two actions call function\\npci_disable_sriov(). The num_VFs is checked to determine whether to\\nrelease the corresponding resources. During the second calling, num_VFs\\nis not 0 and the resource release function is called. However, the\\ncorresponding resource has been released during the first invoking.\\nTherefore, the problem occurs:\\n\\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\\n...\\n[15278.131557][T50670] Call trace:\\n[15278.134686][T50670] klist_put+0x28/0x12c\\n[15278.138682][T50670] klist_del+0x14/0x20\\n[15278.142592][T50670] device_del+0xbc/0x3c0\\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\\n[15278.162485][T50670] sriov_disable+0x50/0x11c\\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\\n[15278.207834][T50670] el0_svc+0x20/0x30\\n\\nFor details, see the following figure.\\n\\n rmmod hclge disable VFs\\n----------------------------------------------------\\nhclge_exit() sriov_numvfs_store()\\n ... device_lock()\\n pci_disable_sriov() hns3_pci_sriov_configure()\\n pci_disable_sriov()\\n sriov_disable()\\n sriov_disable() if !num_VFs :\\n if !num_VFs : return;\\n return; sriov_del_vfs()\\n sriov_del_vfs() ...\\n ... klist_put()\\n klist_put() ...\\n ... num_VFs = 0;\\n num_VFs = 0; device_unlock();\\n\\nIn this patch, when driver is removing, we get the device_lock()\\nto protect num_VFs, just like sriov_numvfs_store().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se corrige el fallo del kernel al desinstalar el controlador Cuando se desinstala el controlador y se deshabilita el VF al mismo tiempo, se produce un fallo del kernel. La raz\u00f3n es que las dos acciones llaman a la funci\u00f3n pci_disable_sriov(). Se comprueba num_VFs para determinar si se deben liberar los recursos correspondientes. Durante la segunda llamada, num_VFs no es 0 y se llama a la funci\u00f3n de liberaci\u00f3n de recursos. Sin embargo, el recurso correspondiente se ha liberado durante la primera invocaci\u00f3n. Por lo tanto, se produce el problema: [15277.839633][T50670] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ... [15278.131557][T50670] Rastreo de llamadas: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_detener_y_eliminar_dispositivo_bus+0x6c/0x80 [15278.157447][T50670] pci_iov_eliminar_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_deshabilitar+0x50/0x11c [15278.166829][T50670] pci_deshabilitar_sriov+0x24/0x30 [15278.171433][T50670] hnae3_anular_registro_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invocar_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 Para obtener m\u00e1s detalles, consulte la siguiente figura. rmmod hclge deshabilitar VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() si !num_VFs: si !num_VFs: devolver; devolver; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); En este parche, cuando se elimina el controlador, obtenemos device_lock() para proteger num_VFs, al igual que sriov_numvfs_store().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.214\",\"versionEndExcluding\":\"4.19.324\",\"matchCriteriaId\":\"B33CD612-5C46-4533-B56E-D417DE841EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.156\",\"versionEndExcluding\":\"5.4.286\",\"matchCriteriaId\":\"656DF1AE-5B75-445C-B2FF-373108E88FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.76\",\"versionEndExcluding\":\"5.10.230\",\"matchCriteriaId\":\"72E8FC35-C1C2-4646-9D95-FED73ACF4904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14.15\",\"versionEndExcluding\":\"5.15\",\"matchCriteriaId\":\"19C2E641-B44A-468E-8696-41BED0CAF158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15\",\"versionEndExcluding\":\"5.15.172\",\"matchCriteriaId\":\"34401FB8-C1E9-4E82-8273-9E67507E64D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.117\",\"matchCriteriaId\":\"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.61\",\"matchCriteriaId\":\"630ED7EB-C97E-4435-B884-1E309E40D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.