cve/published/2024/CVE-2024-56649.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: Do not configure preemptible TCs if SIs do not support\n\nBoth ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure\nMQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()\nto configure preemptible TCs. However, only PF is able to configure\npreemptible TCs. Because only PF has related registers, while VF does not\nhave these registers. So for VF, its hw->port pointer is NULL. Therefore,\nVF will access an invalid pointer when accessing a non-existent register,\nwhich will cause a crash issue. The simplified log is as follows.\n\nroot@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \\\nmqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1\n[  187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00\n[  187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[  187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400\n[  187.511140] Call trace:\n[  187.513588]  enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[  187.518918]  enetc_setup_tc_mqprio+0x180/0x214\n[  187.523374]  enetc_vf_setup_tc+0x1c/0x30\n[  187.527306]  mqprio_enable_offload+0x144/0x178\n[  187.531766]  mqprio_init+0x3ec/0x668\n[  187.535351]  qdisc_create+0x15c/0x488\n[  187.539023]  tc_modify_qdisc+0x398/0x73c\n[  187.542958]  rtnetlink_rcv_msg+0x128/0x378\n[  187.547064]  netlink_rcv_skb+0x60/0x130\n[  187.550910]  rtnetlink_rcv+0x18/0x24\n[  187.554492]  netlink_unicast+0x300/0x36c\n[  187.558425]  netlink_sendmsg+0x1a8/0x420\n[  187.606759] ---[ end trace 0000000000000000 ]---\n\nIn addition, some PFs also do not support configuring preemptible TCs,\nsuch as eno1 and eno3 on LS1028A. It won't crash like it does for VFs,\nbut we should prevent these PFs from accessing these unimplemented\nregisters."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/freescale/enetc/enetc.c"
                ],
                "versions": [
                   {
                      "version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
                      "lessThan": "66127f0d1ecf00604aeab71132bde398fd9ec7c9",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
                      "lessThan": "b718b68a9964181e24d15138a09ce95785a19002",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
                      "lessThan": "b2420b8c81ec674552d00c55d46245e5c184b260",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/net/ethernet/freescale/enetc/enetc.c"
                ],
                "versions": [
                   {
                      "version": "6.4",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.4",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.66",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.5",
                      "lessThanOrEqual": "6.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.13",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.6.66"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.12.5"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4",
                            "versionEndExcluding": "6.13"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/66127f0d1ecf00604aeab71132bde398fd9ec7c9"
             },
             {
                "url": "https://git.kernel.org/stable/c/b718b68a9964181e24d15138a09ce95785a19002"
             },
             {
                "url": "https://git.kernel.org/stable/c/b2420b8c81ec674552d00c55d46245e5c184b260"
             }
          ],
          "title": "net: enetc: Do not configure preemptible TCs if SIs do not support",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-56649",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: Do not configure preemptible TCs if SIs do not support\n\nBoth ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure\nMQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()\nto configure preemptible TCs. However, only PF is able to configure\npreemptible TCs. Because only PF has related registers, while VF does not\nhave these registers. So for VF, its hw->port pointer is NULL. Therefore,\nVF will access an invalid pointer when accessing a non-existent register,\nwhich will cause a crash issue. The simplified log is as follows.\n\nroot@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \\\nmqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1\n[ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00\n[ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400\n[ 187.511140] Call trace:\n[ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[ 187.518918] enetc_setup_tc_mqprio+0x180/0x214\n[ 187.523374] enetc_vf_setup_tc+0x1c/0x30\n[ 187.527306] mqprio_enable_offload+0x144/0x178\n[ 187.531766] mqprio_init+0x3ec/0x668\n[ 187.535351] qdisc_create+0x15c/0x488\n[ 187.539023] tc_modify_qdisc+0x398/0x73c\n[ 187.542958] rtnetlink_rcv_msg+0x128/0x378\n[ 187.547064] netlink_rcv_skb+0x60/0x130\n[ 187.550910] rtnetlink_rcv+0x18/0x24\n[ 187.554492] netlink_unicast+0x300/0x36c\n[ 187.558425] netlink_sendmsg+0x1a8/0x420\n[ 187.606759] ---[ end trace 0000000000000000 ]---\n\nIn addition, some PFs also do not support configuring preemptible TCs,\nsuch as eno1 and eno3 on LS1028A. It won't crash like it does for VFs,\nbut we should prevent these PFs from accessing these unimplemented\nregisters."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/freescale/enetc/enetc.c"
	],
	"versions": [
	{
	"version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
	"lessThan": "66127f0d1ecf00604aeab71132bde398fd9ec7c9",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
	"lessThan": "b718b68a9964181e24d15138a09ce95785a19002",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "827145392a4aad635b93e5235b7d7fecc2fa31c7",
	"lessThan": "b2420b8c81ec674552d00c55d46245e5c184b260",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/net/ethernet/freescale/enetc/enetc.c"
	],
	"versions": [
	{
	"version": "6.4",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.4",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.66",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12.5",
	"lessThanOrEqual": "6.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.13",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.6.66"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.12.5"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4",
	"versionEndExcluding": "6.13"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/66127f0d1ecf00604aeab71132bde398fd9ec7c9"
	},
	{
	"url": "https://git.kernel.org/stable/c/b718b68a9964181e24d15138a09ce95785a19002"
	},
	{
	"url": "https://git.kernel.org/stable/c/b2420b8c81ec674552d00c55d46245e5c184b260"
	}
	],
	"title": "net: enetc: Do not configure preemptible TCs if SIs do not support",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-56649",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}