Ubuntu: (Multiple Advisories) (CVE-2024-35960): Linux kernel vulnerabilities

发布于3月6日3月6日

Members

Ubuntu: (Multiple Advisories) (CVE-2024-35960): Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/20/2024

Created

07/12/2024

Added

07/12/2024

Modified

09/20/2024

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent step during the same handle creation references it again, resulting in a rule with a refcount of 2 that is not linked into the tree, will have a NULL parent and root and will result in a crash when the flow group is deleted because del_sw_hw_rule, invoked on rule deletion, assumes node->parent is != NULL. This happened in the wild, due to another bug related to incorrect handling of duplicate pkt_reformat ids, which lead to the code in create_flow_handle incorrectly referencing a just-added rule in the same flow handle, resulting in the problem described above. Full details are at [1]. This patch changes add_rule_fg to add new rules without parents into the tree, properly initializing them and avoiding the crash. This makes it more consistent with how rules are added to an FTE in create_flow_handle.

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-15-0-1048-gkeop
ubuntu-upgrade-linux-image-5-15-0-1058-ibm
ubuntu-upgrade-linux-image-5-15-0-1058-raspi
ubuntu-upgrade-linux-image-5-15-0-1060-intel-iotg
ubuntu-upgrade-linux-image-5-15-0-1060-nvidia
ubuntu-upgrade-linux-image-5-15-0-1060-nvidia-lowlatency
ubuntu-upgrade-linux-image-5-15-0-1062-gke
ubuntu-upgrade-linux-image-5-15-0-1062-kvm
ubuntu-upgrade-linux-image-5-15-0-1063-oracle
ubuntu-upgrade-linux-image-5-15-0-1064-gcp
ubuntu-upgrade-linux-image-5-15-0-1065-aws
ubuntu-upgrade-linux-image-5-15-0-1065-gcp
ubuntu-upgrade-linux-image-5-15-0-1068-azure
ubuntu-upgrade-linux-image-5-15-0-1068-azure-fde
ubuntu-upgrade-linux-image-5-15-0-116-generic
ubuntu-upgrade-linux-image-5-15-0-116-generic-64k
ubuntu-upgrade-linux-image-5-15-0-116-generic-lpae
ubuntu-upgrade-linux-image-5-15-0-116-lowlatency
ubuntu-upgrade-linux-image-5-15-0-116-lowlatency-64k
ubuntu-upgrade-linux-image-5-4-0-1040-iot
ubuntu-upgrade-linux-image-5-4-0-1047-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-4-0-1075-ibm
ubuntu-upgrade-linux-image-5-4-0-1088-bluefield
ubuntu-upgrade-linux-image-5-4-0-1095-gkeop
ubuntu-upgrade-linux-image-5-4-0-1112-raspi
ubuntu-upgrade-linux-image-5-4-0-1116-kvm
ubuntu-upgrade-linux-image-5-4-0-1127-oracle
ubuntu-upgrade-linux-image-5-4-0-1128-aws
ubuntu-upgrade-linux-image-5-4-0-1132-gcp
ubuntu-upgrade-linux-image-5-4-0-1133-azure
ubuntu-upgrade-linux-image-5-4-0-189-generic
ubuntu-upgrade-linux-image-5-4-0-189-generic-lpae
ubuntu-upgrade-linux-image-5-4-0-189-lowlatency
ubuntu-upgrade-linux-image-6-8-0-1006-gke
ubuntu-upgrade-linux-image-6-8-0-1007-intel
ubuntu-upgrade-linux-image-6-8-0-1007-raspi
ubuntu-upgrade-linux-image-6-8-0-1008-ibm
ubuntu-upgrade-linux-image-6-8-0-1008-oem
ubuntu-upgrade-linux-image-6-8-0-1008-oracle
ubuntu-upgrade-linux-image-6-8-0-1008-oracle-64k
ubuntu-upgrade-linux-image-6-8-0-1009-nvidia
ubuntu-upgrade-linux-image-6-8-0-1009-nvidia-64k
ubuntu-upgrade-linux-image-6-8-0-1010-azure
ubuntu-upgrade-linux-image-6-8-0-1010-azure-fde
ubuntu-upgrade-linux-image-6-8-0-1010-gcp
ubuntu-upgrade-linux-image-6-8-0-1011-aws
ubuntu-upgrade-linux-image-6-8-0-38-generic
ubuntu-upgrade-linux-image-6-8-0-38-generic-64k
ubuntu-upgrade-linux-image-6-8-0-38-lowlatency
ubuntu-upgrade-linux-image-6-8-0-38-lowlatency-64k
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-aws-lts-20-04
ubuntu-upgrade-linux-image-aws-lts-22-04
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-cvm
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-azure-fde-lts-22-04
ubuntu-upgrade-linux-image-azure-lts-20-04
ubuntu-upgrade-linux-image-azure-lts-22-04
ubuntu-upgrade-linux-image-bluefield
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-gcp-lts-20-04
ubuntu-upgrade-linux-image-gcp-lts-22-04
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
ubuntu-upgrade-linux-image-generic-hwe-18-04
ubuntu-upgrade-linux-image-generic-hwe-20-04
ubuntu-upgrade-linux-image-generic-hwe-24-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-gke-5-15
ubuntu-upgrade-linux-image-gkeop
ubuntu-upgrade-linux-image-gkeop-5-15
ubuntu-upgrade-linux-image-gkeop-5-4
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-classic
ubuntu-upgrade-linux-image-ibm-lts-20-04
ubuntu-upgrade-linux-image-ibm-lts-24-04
ubuntu-upgrade-linux-image-intel
ubuntu-upgrade-linux-image-intel-iotg
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-64k
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-oem
ubuntu-upgrade-linux-image-oem-20-04
ubuntu-upgrade-linux-image-oem-20-04b
ubuntu-upgrade-linux-image-oem-20-04c
ubuntu-upgrade-linux-image-oem-20-04d
ubuntu-upgrade-linux-image-oem-24-04
ubuntu-upgrade-linux-image-oem-24-04a
ubuntu-upgrade-linux-image-oem-osp1
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-64k
ubuntu-upgrade-linux-image-oracle-lts-20-04
ubuntu-upgrade-linux-image-oracle-lts-22-04
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-hwe-18-04
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-raspi2
ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-18-04
ubuntu-upgrade-linux-image-virtual-hwe-20-04
ubuntu-upgrade-linux-image-virtual-hwe-24-04
ubuntu-upgrade-linux-image-xilinx-zynqmp

References

https://attackerkb.com/topics/cve-2024-35960
CVE - 2024-35960
USN-6893-1
USN-6893-2
USN-6893-3
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

登录

Ubuntu: (Multiple Advisories) (CVE-2024-35960): Linux kernel vulnerabilities

recommended_posts

Ubuntu: (Multiple Advisories) (CVE-2024-35960): Linux kernel vulnerabilities

Description

Solution(s)

References

欢迎来到红帽社区

社区动态

红龙逆向工具箱2025最新版(ISHACK改良版)

修改底部版权信息

ips4.7升级到5.x版本问题。

IPS Invision Community 经常自动退出登录解决

网站程序安装中文语言包时没有中文选项？Debian中文包

帐户

导航

搜索