| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Track xmit submission to PTP WQ after populating metadata map\n\nEnsure the skb is available in metadata mapping to skbs before tracking the\nmetadata index for detecting undelivered CQEs. If the metadata index is put\nin the tracking list before putting the skb in the map, the metadata index\nmight be used for detecting undelivered CQEs before the relevant skb is\navailable in the map, which can lead to a null-ptr-deref.\n\nLog:\n general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n CPU: 0 PID: 1243 Comm: kworker/0:2 Not tainted 6.6.0-rc4+ #108\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events mlx5e_rx_dim_work [mlx5_core]\n RIP: 0010:mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]\n Code: 8c 24 38 cc ff ff 4c 8d 3c c1 4c 89 f9 48 c1 e9 03 42 80 3c 31 00 0f 85 97 0f 00 00 4d 8b 3f 49 8d 7f 28 48 89 f9 48 c1 e9 03 <42> 80 3c 31 00 0f 85 8b 0f 00 00 49 8b 47 28 48 85 c0 0f 84 05 07\n RSP: 0018:ffff8884d3c09c88 EFLAGS: 00010206\n RAX: 0000000000000069 RBX: ffff8881160349d8 RCX: 0000000000000005\n RDX: ffffed10218f48cf RSI: 0000000000000004 RDI: 0000000000000028\n RBP: ffff888122707700 R08: 0000000000000001 R09: ffffed109a781383\n R10: 0000000000000003 R11: 0000000000000003 R12: ffff88810c7a7a40\n R13: ffff888122707700 R14: dffffc0000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8884d3c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f878dd6e0 CR3: 000000014d108002 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <IRQ>\n ? die_addr+0x3c/0xa0\n ? exc_general_protection+0x144/0x210\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]\n ? mlx5e_ptp_napi_poll+0x8f6/0x2290 [mlx5_core]\n __napi_poll.constprop.0+0xa4/0x580\n net_rx_action+0x460/0xb80\n ? _raw_spin_unlock_irqrestore+0x32/0x60\n ? __napi_poll.constprop.0+0x580/0x580\n ? tasklet_action_common.isra.0+0x2ef/0x760\n __do_softirq+0x26c/0x827\n irq_exit_rcu+0xc2/0x100\n common_interrupt+0x7f/0xa0\n </IRQ>\n <TASK>\n asm_common_interrupt+0x22/0x40\n RIP: 0010:__kmem_cache_alloc_node+0xb/0x330\n Code: 41 5d 41 5e 41 5f c3 8b 44 24 14 8b 4c 24 10 09 c8 eb d5 e8 b7 43 ca 01 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 <41> 56 41 89 d6 41 55 41 89 f5 41 54 49 89 fc 53 48 83 e4 f0 48 83\n RSP: 0018:ffff88812c4079c0 EFLAGS: 00000246\n RAX: 1ffffffff083c7fe RBX: ffff888100042dc0 RCX: 0000000000000218\n RDX: 00000000ffffffff RSI: 0000000000000dc0 RDI: ffff888100042dc0\n RBP: ffff88812c4079c8 R08: ffffffffa0289f96 R09: ffffed1025880ea9\n R10: ffff888138839f80 R11: 0000000000000002 R12: 0000000000000dc0\n R13: 0000000000000100 R14: 000000000000008c R15: ffff8881271fc450\n ? cmd_exec+0x796/0x2200 [mlx5_core]\n kmalloc_trace+0x26/0xc0\n cmd_exec+0x796/0x2200 [mlx5_core]\n mlx5_cmd_do+0x22/0xc0 [mlx5_core]\n mlx5_cmd_exec+0x17/0x30 [mlx5_core]\n mlx5_core_modify_cq_moderation+0x139/0x1b0 [mlx5_core]\n ? mlx5_add_cq_to_tasklet+0x280/0x280 [mlx5_core]\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? process_one_work+0x659/0x1220\n mlx5e_rx_dim_work+0x9d/0x100 [mlx5_core]\n process_one_work+0x730/0x1220\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? max_active_store+0xf0/0xf0\n ? assign_work+0x168/0x240\n worker_thread+0x70f/0x12d0\n ? __kthread_parkme+0xd1/0x1d0\n ? process_one_work+0x1220/0x1220\n kthread+0x2d9/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_as\n---truncated---" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/ethernet/mellanox/mlx5/core/en_tx.c" |
| ], |
| "versions": [ |
| { |
| "version": "e729382c297e2c492ff2a260aa1f23183eadae2e", |
| "lessThan": "a9d6c0c5a6bd9ca88e964f8843ea41bc085de866", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3178308ad4ca38955cad684d235153d4939f1fcd", |
| "lessThan": "4d510506b46504664eacf8a44a9e8f3e54c137b8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3178308ad4ca38955cad684d235153d4939f1fcd", |
| "lessThan": "7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/ethernet/mellanox/mlx5/core/en_tx.c" |
| ], |
| "versions": [ |
| { |
| "version": "6.6", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "6.6", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.3", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.7", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.6", |
| "versionEndExcluding": "6.6.3" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.6", |
| "versionEndExcluding": "6.7" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/a9d6c0c5a6bd9ca88e964f8843ea41bc085de866" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4d510506b46504664eacf8a44a9e8f3e54c137b8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167" |
| } |
| ], |
| "title": "net/mlx5e: Track xmit submission to PTP WQ after populating metadata map", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2023-52782", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
