{ "threat_severity" : "Moderate", "public_date" : "2024-08-17T00:00:00Z", "bugzilla" : { "description" : "kernel: net/mlx5: Fix missing lock on sync reset reload", "id" : "2305413", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2305413" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-617", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Fix missing lock on sync reset reload\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\nCPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\nHardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\nWorkqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\nRIP: 0010:devl_assert_locked+0x3e/0x50\n…\nCall Trace:\n\n? __warn+0xa4/0x210\n? devl_assert_locked+0x3e/0x50\n? report_bug+0x160/0x280\n? handle_bug+0x3f/0x80\n? exc_invalid_op+0x17/0x40\n? asm_exc_invalid_op+0x1a/0x20\n? devl_assert_locked+0x3e/0x50\ndevlink_notify+0x88/0x2b0\n? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n? __pfx_devlink_notify+0x10/0x10\n? process_one_work+0x4b6/0xbb0\nprocess_one_work+0x4b6/0xbb0\n[…]", "On sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert. This may lead to a crash." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-42268\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42268\nhttps://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T" ], "name" : "CVE-2024-42268", "csaw" : false }