{
  "threat_severity" : "Low",
  "public_date" : "2024-06-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net/mlx5e: Fix netif state handling",
    "id" : "2293356",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293356"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: Fix netif state handling\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\nmlx5e_probe\n_mlx5e_resume\nmlx5e_attach_netdev\nmlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\nregister_netdev <-- failed for some reason.\nERROR_FLOW:\n_mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\nHence, clean resources in this case as well.\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n<TASK>\n? __die+0x20/0x60\n? page_fault_oops+0x14c/0x3c0\n? exc_page_fault+0x75/0x140\n? asm_exc_page_fault+0x22/0x30\nnotifier_call_chain+0x35/0xb0\nblocking_notifier_call_chain+0x3d/0x60\nmlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\nmlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\nmlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\nmlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n__mlx5_ib_add+0x34/0xd0 [mlx5_ib]\nmlx5r_probe+0xe1/0x210 [mlx5_ib]\n? auxiliary_match_id+0x6a/0x90\nauxiliary_bus_probe+0x38/0x80\n? driver_sysfs_add+0x51/0x80\nreally_probe+0xc9/0x3e0\n? driver_probe_device+0x90/0x90\n__driver_probe_device+0x80/0x160\ndriver_probe_device+0x1e/0x90\n__device_attach_driver+0x7d/0x100\nbus_for_each_drv+0x80/0xd0\n__device_attach+0xbc/0x1f0\nbus_probe_device+0x86/0xa0\ndevice_add+0x637/0x840\n__auxiliary_device_add+0x3b/0xa0\nadd_adev+0xc9/0x140 [mlx5_core]\nmlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\nmlx5_register_device+0x53/0xa0 [mlx5_core]\nmlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\nmlx5_init_one+0x3b/0x60 [mlx5_core]\nprobe_one+0x44c/0x730 [mlx5_core]\nlocal_pci_probe+0x3e/0x90\npci_device_probe+0xbf/0x210\n? kernfs_create_link+0x5d/0xa0\n? sysfs_do_create_link_sd+0x60/0xc0\nreally_probe+0xc9/0x3e0\n? driver_probe_device+0x90/0x90\n__driver_probe_device+0x80/0x160\ndriver_probe_device+0x1e/0x90\n__device_attach_driver+0x7d/0x100\nbus_for_each_drv+0x80/0xd0\n__device_attach+0xbc/0x1f0\npci_bus_add_device+0x54/0x80\npci_iov_add_virtfn+0x2e6/0x320\nsriov_enable+0x208/0x420\nmlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\nsriov_numvfs_store+0xae/0x1a0\nkernfs_fop_write_iter+0x10c/0x1a0\nvfs_write+0x291/0x3c0\nksys_write+0x5f/0xe0\ndo_syscall_64+0x3d/0x90\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nCR2: 0000000000000000\n---[ end trace 0000000000000000  ]---", "A vulnerability was found in the Linux kernel within the net/mlx5e component, where improper handling of network interface states could lead to a NULL pointer dereference or resource leaks if network registration fails during initialization. This condition could cause system instability, as resources may not be cleaned up correctly, although it presents a low risk due to limited overall impact." ],
  "statement" : "This vulnerability is rated as low severity, as it requires specific conditions in network interface setup and does not compromise confidentiality or integrity. Its impact is restricted to potential stability issues under rare circumstances.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8870",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8856",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.27.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-08-28T00:00:00Z",
    "advisory" : "RHSA-2024:5928",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.33.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-08-28T00:00:00Z",
    "advisory" : "RHSA-2024:5928",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.33.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-08-21T00:00:00Z",
    "advisory" : "RHSA-2024:5672",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.80.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-08-21T00:00:00Z",
    "advisory" : "RHSA-2024:5673",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.80.1.rt14.365.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-38608\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38608\nhttps://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T" ],
  "name" : "CVE-2024-38608",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}