{
  "threat_severity" : "Moderate",
  "public_date" : "2024-02-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption",
    "id" : "2265645",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2265645"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmlxsw: spectrum_acl_tcam: Fix stack corruption\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\ndump_stack_lvl+0x36/0x50\npanic+0x305/0x330\n__stack_chk_fail+0x15/0x20\nmlxsw_sp_acl_tcam_group_update+0x116/0x120\nmlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\nmlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\nmlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\nmlxsw_sp_acl_rule_add+0x47/0x240\nmlxsw_sp_flower_replace+0x1a9/0x1d0\ntc_setup_cb_add+0xdc/0x1c0\nfl_hw_replace_filter+0x146/0x1f0\nfl_change+0xc17/0x1360\ntc_new_tfilter+0x472/0xb90\nrtnetlink_rcv_msg+0x313/0x3b0\nnetlink_rcv_skb+0x58/0x100\nnetlink_unicast+0x244/0x390\nnetlink_sendmsg+0x1e4/0x440\n____sys_sendmsg+0x164/0x260\n___sys_sendmsg+0x9a/0xe0\n__sys_sendmsg+0x7a/0xc0\ndo_syscall_64+0x40/0xe0\nentry_SYSCALL_64_after_hwframe+0x63/0x6b", "A kernel stack flaw that corrupted the Linux kernel’s Mellanox Technologies Spectrum Ethernet driver was found when a user initialized more than 16 access control lists (ACLs). This flaw allows a local user to crash or potentially escalate their privileges on the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-08T00:00:00Z",
    "advisory" : "RHSA-2024:5102",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-08T00:00:00Z",
    "advisory" : "RHSA-2024:5101",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.16.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-04-23T00:00:00Z",
    "advisory" : "RHSA-2024:2006",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.133.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2024-04-23T00:00:00Z",
    "advisory" : "RHSA-2024:2008",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.133.1.rt13.184.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2024-04-23T00:00:00Z",
    "advisory" : "RHSA-2024:2006",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.2",
    "package" : "kernel-0:4.18.0-193.133.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "release_date" : "2024-04-23T00:00:00Z",
    "advisory" : "RHSA-2024:2006",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.2",
    "package" : "kernel-0:4.18.0-193.133.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2582",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.130.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2585",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.130.1.rt7.206.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2582",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.4",
    "package" : "kernel-0:4.18.0-305.130.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2582",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.4",
    "package" : "kernel-0:4.18.0-305.130.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-05-02T00:00:00Z",
    "advisory" : "RHSA-2024:2674",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kernel-0:4.18.0-372.102.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-06-11T00:00:00Z",
    "advisory" : "RHSA-2024:3810",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.58.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-05-28T00:00:00Z",
    "advisory" : "RHSA-2024:3421",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "kernel-0:5.14.0-70.101.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-05-28T00:00:00Z",
    "advisory" : "RHSA-2024:3414",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.101.1.rt21.173.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-04-18T00:00:00Z",
    "advisory" : "RHSA-2024:1881",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.62.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-04-18T00:00:00Z",
    "advisory" : "RHSA-2024:1882",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.62.1.rt14.347.el9_2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-02T00:00:00Z",
    "advisory" : "RHSA-2024:2674",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.102.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26586\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26586\nhttps://lore.kernel.org/linux-cve-announce/2024022253-CVE-2024-26586-6632@gregkh/T/#u" ],
  "name" : "CVE-2024-26586",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the mlxsw_spectrum module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on blacklisting a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}