github - ghsa-jg5m-33hj-57xc

ghsa-jg5m-33hj-57xc

Vulnerability from github

Published

2024-05-17 15:31

Modified

2024-06-26 00:31

Details

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: clear BM pool before initialization

Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35837"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:20Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.",
  "id": "GHSA-jg5m-33hj-57xc",
  "modified": "2024-06-26T00:31:43Z",
  "published": "2024-05-17T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35837"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2024-35837

Vulnerability from cvelistv5

Published

2024-05-17 14:02

Modified

2024-08-02 03:21

Severity

Summary

net: mvpp2: clear BM pool before initialization

References

URL	Tags
https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f
https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa
https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec
https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b
https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4
https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35837",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T17:16:07.925657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:54.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "83f99138bf3b",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            },
            {
              "lessThan": "af47faa6d332",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            },
            {
              "lessThan": "cec65f09c47d",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            },
            {
              "lessThan": "938729484cfa",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            },
            {
              "lessThan": "dc77f6ab5c37",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            },
            {
              "lessThan": "9f538b415db8",
              "status": "affected",
              "version": "3f518509dedc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:29:51.707Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f"
        },
        {
          "url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa"
        },
        {
          "url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "title": "net: mvpp2: clear BM pool before initialization",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35837",
    "datePublished": "2024-05-17T14:02:32.070Z",
    "dateReserved": "2024-05-17T13:50:33.103Z",
    "dateUpdated": "2024-08-02T03:21:48.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.