cve/published/2024/CVE-2024-53209.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix receive ring space parameters when XDP is active\n\nThe MTU setting at the time an XDP multi-buffer is attached\ndetermines whether the aggregation ring will be used and the\nrx_skb_func handler.  This is done in bnxt_set_rx_skb_mode().\n\nIf the MTU is later changed, the aggregation ring setting may need\nto be changed and it may become out-of-sync with the settings\ninitially done in bnxt_set_rx_skb_mode().  This may result in\nrandom memory corruption and crashes as the HW may DMA data larger\nthan the allocated buffer size, such as:\n\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S         OE      6.1.0-226bf9805506 #1\nHardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021\nRIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]\nCode: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f\nRSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202\nRAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff\nRDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380\nRBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf\nR10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980\nR13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990\nFS:  0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]\n\nTo address the issue, we now call bnxt_set_rx_skb_mode() within\nbnxt_change_mtu() to properly set the AGG rings configuration and\nupdate rx_skb_func based on the new MTU value.\nAdditionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of\nbnxt_set_rx_skb_mode() to make sure it gets set or cleared based on\nthe current MTU."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
                ],
                "versions": [
                   {
                      "version": "421e02bda0570eeb11636544fe97ec3097d1bb92",
                      "lessThan": "b7fd784d7c6a1bd927a23e0d06f09a776ee3889b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "08450ea98ae98d5a35145b675b76db616046ea11",
                      "lessThan": "7f306c651feab2f3689185f60b94e72b573255db",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "08450ea98ae98d5a35145b675b76db616046ea11",
                      "lessThan": "bf54a7660fc8d2166f41ff1d67a643b15d8b2250",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "08450ea98ae98d5a35145b675b76db616046ea11",
                      "lessThan": "84353386762a0a16dd444ead76c012e167d89b41",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "08450ea98ae98d5a35145b675b76db616046ea11",
                      "lessThan": "3051a77a09dfe3022aa012071346937fdf059033",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "893096a7e5fd61cb666b4ead2fa69324e1f2aade",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
                ],
                "versions": [
                   {
                      "version": "6.5",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.5",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.1.140",
                      "lessThanOrEqual": "6.1.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.85",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.11.11",
                      "lessThanOrEqual": "6.11.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.2",
                      "lessThanOrEqual": "6.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.1.45",
                            "versionEndExcluding": "6.1.140"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.5",
                            "versionEndExcluding": "6.6.85"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.5",
                            "versionEndExcluding": "6.11.11"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.5",
                            "versionEndExcluding": "6.12.2"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.5",
                            "versionEndExcluding": "6.13"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4.10"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/b7fd784d7c6a1bd927a23e0d06f09a776ee3889b"
             },
             {
                "url": "https://git.kernel.org/stable/c/7f306c651feab2f3689185f60b94e72b573255db"
             },
             {
                "url": "https://git.kernel.org/stable/c/bf54a7660fc8d2166f41ff1d67a643b15d8b2250"
             },
             {
                "url": "https://git.kernel.org/stable/c/84353386762a0a16dd444ead76c012e167d89b41"
             },
             {
                "url": "https://git.kernel.org/stable/c/3051a77a09dfe3022aa012071346937fdf059033"
             }
          ],
          "title": "bnxt_en: Fix receive ring space parameters when XDP is active",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-53209",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix receive ring space parameters when XDP is active\n\nThe MTU setting at the time an XDP multi-buffer is attached\ndetermines whether the aggregation ring will be used and the\nrx_skb_func handler. This is done in bnxt_set_rx_skb_mode().\n\nIf the MTU is later changed, the aggregation ring setting may need\nto be changed and it may become out-of-sync with the settings\ninitially done in bnxt_set_rx_skb_mode(). This may result in\nrandom memory corruption and crashes as the HW may DMA data larger\nthan the allocated buffer size, such as:\n\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1\nHardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021\nRIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]\nCode: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f\nRSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202\nRAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff\nRDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380\nRBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf\nR10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980\nR13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990\nFS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]\n\nTo address the issue, we now call bnxt_set_rx_skb_mode() within\nbnxt_change_mtu() to properly set the AGG rings configuration and\nupdate rx_skb_func based on the new MTU value.\nAdditionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of\nbnxt_set_rx_skb_mode() to make sure it gets set or cleared based on\nthe current MTU."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/broadcom/bnxt/bnxt.c"
	],
	"versions": [
	{
	"version": "421e02bda0570eeb11636544fe97ec3097d1bb92",
	"lessThan": "b7fd784d7c6a1bd927a23e0d06f09a776ee3889b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "08450ea98ae98d5a35145b675b76db616046ea11",
	"lessThan": "7f306c651feab2f3689185f60b94e72b573255db",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "08450ea98ae98d5a35145b675b76db616046ea11",
	"lessThan": "bf54a7660fc8d2166f41ff1d67a643b15d8b2250",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "08450ea98ae98d5a35145b675b76db616046ea11",
	"lessThan": "84353386762a0a16dd444ead76c012e167d89b41",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "08450ea98ae98d5a35145b675b76db616046ea11",
	"lessThan": "3051a77a09dfe3022aa012071346937fdf059033",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "893096a7e5fd61cb666b4ead2fa69324e1f2aade",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/broadcom/bnxt/bnxt.c"
	],
	"versions": [
	{
	"version": "6.5",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.5",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.1.140",
	"lessThanOrEqual": "6.1.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.85",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.11.11",
	"lessThanOrEqual": "6.11.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12.2",
	"lessThanOrEqual": "6.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.1.45",
	"versionEndExcluding": "6.1.140"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.5",
	"versionEndExcluding": "6.6.85"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.5",
	"versionEndExcluding": "6.11.11"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.5",
	"versionEndExcluding": "6.12.2"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.5",
	"versionEndExcluding": "6.13"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4.10"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/b7fd784d7c6a1bd927a23e0d06f09a776ee3889b"
	},
	{
	"url": "https://git.kernel.org/stable/c/7f306c651feab2f3689185f60b94e72b573255db"
	},
	{
	"url": "https://git.kernel.org/stable/c/bf54a7660fc8d2166f41ff1d67a643b15d8b2250"
	},
	{
	"url": "https://git.kernel.org/stable/c/84353386762a0a16dd444ead76c012e167d89b41"
	},
	{
	"url": "https://git.kernel.org/stable/c/3051a77a09dfe3022aa012071346937fdf059033"
	}
	],
	"title": "bnxt_en: Fix receive ring space parameters when XDP is active",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-53209",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}