cve-2024-35885
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2024-11-05 09:24
Severity ?
Summary
mlxbf_gige: stop interface during shutdown
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:11:55.857158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:36.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63a10b530e22cc923008b5925821c26872f37971"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80247e0eca14ff177d565f58ecd3010f6b7910a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9783b3b0e71d704949214a8f76468f591a31f3f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09ba28e1cd3cf715daab1fca6e1623e22fd754a6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "63a10b530e22",
              "status": "affected",
              "version": "f92e1869d74e",
              "versionType": "git"
            },
            {
              "lessThan": "80247e0eca14",
              "status": "affected",
              "version": "f92e1869d74e",
              "versionType": "git"
            },
            {
              "lessThan": "36a1cb0371aa",
              "status": "affected",
              "version": "f92e1869d74e",
              "versionType": "git"
            },
            {
              "lessThan": "9783b3b0e71d",
              "status": "affected",
              "version": "f92e1869d74e",
              "versionType": "git"
            },
            {
              "lessThan": "09ba28e1cd3c",
              "status": "affected",
              "version": "f92e1869d74e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxbf_gige: stop interface during shutdown\n\nThe mlxbf_gige driver intermittantly encounters a NULL pointer\nexception while the system is shutting down via \"reboot\" command.\nThe mlxbf_driver will experience an exception right after executing\nits shutdown() method.  One example of this exception is:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000\n[0000000000000070] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 96000004 [#1] SMP\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S         OE     5.15.0-bf.6.gef6992a #1\nHardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\nlr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\nsp : ffff8000080d3c10\nx29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58\nx26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008\nx23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128\nx20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff\nx17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7\nx14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101\nx11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404\nx8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080\nx5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\nCall trace:\n mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\n mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\n __napi_poll+0x40/0x1c8\n net_rx_action+0x314/0x3a0\n __do_softirq+0x128/0x334\n run_ksoftirqd+0x54/0x6c\n smpboot_thread_fn+0x14c/0x190\n kthread+0x10c/0x110\n ret_from_fork+0x10/0x20\nCode: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002)\n---[ end trace 7cc3941aa0d8e6a4 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt\nKernel Offset: 0x4ce722520000 from 0xffff800008000000\nPHYS_OFFSET: 0x80000000\nCPU features: 0x000005c1,a3330e5a\nMemory Limit: none\n---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nDuring system shutdown, the mlxbf_gige driver\u0027s shutdown() is always executed.\nHowever, the driver\u0027s stop() method will only execute if networking interface\nconfiguration logic within the Linux distribution has been setup to do so.\n\nIf shutdown() executes but stop() does not execute, NAPI remains enabled\nand this can lead to an exception if NAPI is scheduled while the hardware\ninterface has only been partially deinitialized.\n\nThe networking interface managed by the mlxbf_gige driver must be properly\nstopped during system shutdown so that IFF_UP is cleared, the hardware\ninterface is put into a clean state, and NAPI is fully deinitialized."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:24:26.240Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/63a10b530e22cc923008b5925821c26872f37971"
        },
        {
          "url": "https://git.kernel.org/stable/c/80247e0eca14ff177d565f58ecd3010f6b7910a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9783b3b0e71d704949214a8f76468f591a31f3f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/09ba28e1cd3cf715daab1fca6e1623e22fd754a6"
        }
      ],
      "title": "mlxbf_gige: stop interface during shutdown",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35885",
    "datePublished": "2024-05-19T08:34:41.873Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2024-11-05T09:24:26.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35885\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-19T09:15:09.683\",\"lastModified\":\"2024-05-20T13:00:04.957\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmlxbf_gige: stop interface during shutdown\\n\\nThe mlxbf_gige driver intermittantly encounters a NULL pointer\\nexception while the system is shutting down via \\\"reboot\\\" command.\\nThe mlxbf_driver will experience an exception right after executing\\nits shutdown() method.  One example of this exception is:\\n\\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\\nMem abort info:\\n  ESR = 0x0000000096000004\\n  EC = 0x25: DABT (current EL), IL = 32 bits\\n  SET = 0, FnV = 0\\n  EA = 0, S1PTW = 0\\n  FSC = 0x04: level 0 translation fault\\nData abort info:\\n  ISV = 0, ISS = 0x00000004\\n  CM = 0, WnR = 0\\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000\\n[0000000000000070] pgd=0000000000000000, p4d=0000000000000000\\nInternal error: Oops: 96000004 [#1] SMP\\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S         OE     5.15.0-bf.6.gef6992a #1\\nHardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023\\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\\nlr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\\nsp : ffff8000080d3c10\\nx29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58\\nx26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008\\nx23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128\\nx20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff\\nx17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7\\nx14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101\\nx11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404\\nx8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080\\nx5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001\\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\\nCall trace:\\n mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\\n mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\\n __napi_poll+0x40/0x1c8\\n net_rx_action+0x314/0x3a0\\n __do_softirq+0x128/0x334\\n run_ksoftirqd+0x54/0x6c\\n smpboot_thread_fn+0x14c/0x190\\n kthread+0x10c/0x110\\n ret_from_fork+0x10/0x20\\nCode: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002)\\n---[ end trace 7cc3941aa0d8e6a4 ]---\\nKernel panic - not syncing: Oops: Fatal exception in interrupt\\nKernel Offset: 0x4ce722520000 from 0xffff800008000000\\nPHYS_OFFSET: 0x80000000\\nCPU features: 0x000005c1,a3330e5a\\nMemory Limit: none\\n---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\\n\\nDuring system shutdown, the mlxbf_gige driver\u0027s shutdown() is always executed.\\nHowever, the driver\u0027s stop() method will only execute if networking interface\\nconfiguration logic within the Linux distribution has been setup to do so.\\n\\nIf shutdown() executes but stop() does not execute, NAPI remains enabled\\nand this can lead to an exception if NAPI is scheduled while the hardware\\ninterface has only been partially deinitialized.\\n\\nThe networking interface managed by the mlxbf_gige driver must be properly\\nstopped during system shutdown so that IFF_UP is cleared, the hardware\\ninterface is put into a clean state, and NAPI is fully deinitialized.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mlxbf_gige: detiene la interfaz durante el apagado El controlador mlxbf_gige encuentra intermitentemente una excepci\u00f3n de puntero NULL mientras el sistema se apaga mediante el comando \\\"reboot\\\". El mlxbf_driver experimentar\u00e1 una excepci\u00f3n justo despu\u00e9s de ejecutar su m\u00e9todo de apagado(). Un ejemplo de esta excepci\u00f3n es: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000070 Informaci\u00f3n de cancelaci\u00f3n de memoria: ESR = 0x0000000096000004 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: error de traducci\u00f3n de nivel 0 Informaci\u00f3n de cancelaci\u00f3n de datos: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 tabla de p\u00e1ginas de usuario: 4k p\u00e1ginas, VA de 48 bits, pgdp=000000011d373000 [0000000000000070] 000000000000, p4d=0000000000000000 Error interno: Ups: 96000004 [#1] CPU SMP: 0 PID: 13 Comm: ksoftirqd/0 Contaminado: GS OE 5.15.0-bf.6.gef6992a #1 Nombre de hardware: https://www.mellanox .com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 21 de abril de 2023 pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] lr: mlxbf_ gige_poll+ 0x54/0x160 [mlxbf_gige] sp: ffff8000080d3c10 x29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58 x26: ffff0000814e7340 x25: a05000 x24: ffffcce72c4ea008 x23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128 x20: 0000000000000000 x19: ffff0000814e4a80 ffffffffffffffff x17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7 x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101 x11: 7f7f7f7f7f7f7f7f x10: ac898b17576267 x9: ffffcce720fa5404 x8: ffff000080812138 x7: 0000000000002e9a x6: 00000000000000080 x5: ffff00008de3b000 x4: 00000000000000000 x3: 0000000000000001 x2: 0000000000000000 x1: 0000000000000000 x0: 00000000000000000 Llamada seguimiento: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] __napi_poll+0x40/0x1c8 net_rx_action+0x314/0x3a0 __do_softirq+0x128/0x334 _ksoftirqd+0x54/0x6c smpboot_thread_fn+0x14c/0x190 kthread+0x10c/0x110 ret_from_fork+ 0x10/0x20 C\u00f3digo: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002) ---[ seguimiento final 7cc3941aa0d8e6a4 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x4ce722520000 de 0xffff 800008000000 PHYS_OFFSET: 0x80000000 Caracter\u00edsticas de la CPU: 0x000005c1,a3330e5a L\u00edmite de memoria: ninguno ---[ fin del p\u00e1nico del kernel - no se sincroniza: Ups: excepci\u00f3n fatal en la interrupci\u00f3n ]--- Durante el apagado del sistema, el apagado() del controlador mlxbf_gige siempre se ejecuta. Sin embargo, el m\u00e9todo stop() del controlador solo se ejecutar\u00e1 si la l\u00f3gica de configuraci\u00f3n de la interfaz de red dentro de la distribuci\u00f3n de Linux se ha configurado para hacerlo. Si se ejecuta Shutdown() pero stop() no, NAPI permanece habilitada y esto puede provocar una excepci\u00f3n si NAPI se programa mientras la interfaz de hardware solo se ha desinicializado parcialmente. La interfaz de red administrada por el controlador mlxbf_gige debe detenerse correctamente durante el apagado del sistema para que se borre IFF_UP, la interfaz de hardware se ponga en un estado limpio y NAPI se desinicialice por completo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/09ba28e1cd3cf715daab1fca6e1623e22fd754a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/63a10b530e22cc923008b5925821c26872f37971\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/80247e0eca14ff177d565f58ecd3010f6b7910a4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9783b3b0e71d704949214a8f76468f591a31f3f5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.