cve-2024-50296
Vulnerability from cvelistv5
Published
2024-11-19 01:30
Modified
2024-11-19 01:30
Severity ?
Summary
net: hns3: fix kernel crash when uninstalling driver
Impacted products
Vendor Product Version
Linux Linux Version: 5.15
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hnae3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a0df055775f3",
              "status": "affected",
              "version": "b06ad258e013",
              "versionType": "git"
            },
            {
              "lessThan": "7ae4e56de7db",
              "status": "affected",
              "version": "c4b64011e458",
              "versionType": "git"
            },
            {
              "lessThan": "590a4b2d4e0b",
              "status": "affected",
              "version": "d36b15e3e7b5",
              "versionType": "git"
            },
            {
              "lessThan": "e36482b222e0",
              "status": "affected",
              "version": "0dd8a25f355b",
              "versionType": "git"
            },
            {
              "lessThan": "76b155e14d9b",
              "status": "affected",
              "version": "0dd8a25f355b",
              "versionType": "git"
            },
            {
              "lessThan": "719edd9f3372",
              "status": "affected",
              "version": "0dd8a25f355b",
              "versionType": "git"
            },
            {
              "lessThan": "b5c94e4d947d",
              "status": "affected",
              "version": "0dd8a25f355b",
              "versionType": "git"
            },
            {
              "lessThan": "df3dff8ab6d7",
              "status": "affected",
              "version": "0dd8a25f355b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hnae3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670]  klist_put+0x28/0x12c\n[15278.138682][T50670]  klist_del+0x14/0x20\n[15278.142592][T50670]  device_del+0xbc/0x3c0\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\n[15278.207834][T50670]  el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n     rmmod hclge              disable VFs\n----------------------------------------------------\nhclge_exit()            sriov_numvfs_store()\n  ...                     device_lock()\n  pci_disable_sriov()     hns3_pci_sriov_configure()\n                            pci_disable_sriov()\n                              sriov_disable()\n    sriov_disable()             if !num_VFs :\n      if !num_VFs :               return;\n        return;                 sriov_del_vfs()\n      sriov_del_vfs()             ...\n        ...                       klist_put()\n        klist_put()               ...\n        ...                     num_VFs = 0;\n      num_VFs = 0;        device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T01:30:43.318Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d"
        },
        {
          "url": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09"
        },
        {
          "url": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5"
        },
        {
          "url": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18"
        }
      ],
      "title": "net: hns3: fix kernel crash when uninstalling driver",
      "x_generator": {
        "engine": "bippy-8e903de6a542"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50296",
    "datePublished": "2024-11-19T01:30:43.318Z",
    "dateReserved": "2024-10-21T19:36:19.986Z",
    "dateUpdated": "2024-11-19T01:30:43.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50296\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:31.780\",\"lastModified\":\"2024-11-27T15:24:16.020\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: fix kernel crash when uninstalling driver\\n\\nWhen the driver is uninstalled and the VF is disabled concurrently, a\\nkernel crash occurs. The reason is that the two actions call function\\npci_disable_sriov(). The num_VFs is checked to determine whether to\\nrelease the corresponding resources. During the second calling, num_VFs\\nis not 0 and the resource release function is called. However, the\\ncorresponding resource has been released during the first invoking.\\nTherefore, the problem occurs:\\n\\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\\n...\\n[15278.131557][T50670] Call trace:\\n[15278.134686][T50670]  klist_put+0x28/0x12c\\n[15278.138682][T50670]  klist_del+0x14/0x20\\n[15278.142592][T50670]  device_del+0xbc/0x3c0\\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\\n[15278.207834][T50670]  el0_svc+0x20/0x30\\n\\nFor details, see the following figure.\\n\\n     rmmod hclge              disable VFs\\n----------------------------------------------------\\nhclge_exit()            sriov_numvfs_store()\\n  ...                     device_lock()\\n  pci_disable_sriov()     hns3_pci_sriov_configure()\\n                            pci_disable_sriov()\\n                              sriov_disable()\\n    sriov_disable()             if !num_VFs :\\n      if !num_VFs :               return;\\n        return;                 sriov_del_vfs()\\n      sriov_del_vfs()             ...\\n        ...                       klist_put()\\n        klist_put()               ...\\n        ...                     num_VFs = 0;\\n      num_VFs = 0;        device_unlock();\\n\\nIn this patch, when driver is removing, we get the device_lock()\\nto protect num_VFs, just like sriov_numvfs_store().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se corrige el fallo del kernel al desinstalar el controlador Cuando se desinstala el controlador y se deshabilita el VF al mismo tiempo, se produce un fallo del kernel. La raz\u00f3n es que las dos acciones llaman a la funci\u00f3n pci_disable_sriov(). Se comprueba num_VFs para determinar si se deben liberar los recursos correspondientes. Durante la segunda llamada, num_VFs no es 0 y se llama a la funci\u00f3n de liberaci\u00f3n de recursos. Sin embargo, el recurso correspondiente se ha liberado durante la primera invocaci\u00f3n. Por lo tanto, se produce el problema: [15277.839633][T50670] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ... [15278.131557][T50670] Rastreo de llamadas: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_detener_y_eliminar_dispositivo_bus+0x6c/0x80 [15278.157447][T50670] pci_iov_eliminar_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_deshabilitar+0x50/0x11c [15278.166829][T50670] pci_deshabilitar_sriov+0x24/0x30 [15278.171433][T50670] hnae3_anular_registro_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invocar_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 Para obtener m\u00e1s detalles, consulte la siguiente figura. rmmod hclge deshabilitar VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() si !num_VFs: si !num_VFs: devolver; devolver; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); En este parche, cuando se elimina el controlador, obtenemos device_lock() para proteger num_VFs, al igual que sriov_numvfs_store().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.214\",\"versionEndExcluding\":\"4.19.324\",\"matchCriteriaId\":\"B33CD612-5C46-4533-B56E-D417DE841EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.156\",\"versionEndExcluding\":\"5.4.286\",\"matchCriteriaId\":\"656DF1AE-5B75-445C-B2FF-373108E88FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.76\",\"versionEndExcluding\":\"5.10.230\",\"matchCriteriaId\":\"72E8FC35-C1C2-4646-9D95-FED73ACF4904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14.15\",\"versionEndExcluding\":\"5.15\",\"matchCriteriaId\":\"19C2E641-B44A-468E-8696-41BED0CAF158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15\",\"versionEndExcluding\":\"5.15.172\",\"matchCriteriaId\":\"34401FB8-C1E9-4E82-8273-9E67507E64D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.117\",\"matchCriteriaId\":\"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.61\",\"matchCriteriaId\":\"630ED7EB-C97E-4435-B884-1E309E40D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.