CVE-2024-35907
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35907
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35907.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-35907
- Downstream
- Related
- Published
- 2024-05-19T08:35:00Z
- Modified
- 2025-10-17T05:30:54.751129Z
- Summary
- mlxbf_gige: call request_irq() after NAPI initialized
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mlxbfgige: call requestirq() after NAPI initialized
The mlxbfgige driver encounters a NULL pointer exception in mlxbfgigeopen() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b) trigger kdump via "echo c > /proc/sysrq-trigger" c) kdump kernel executes d) kdump kernel loads mlxbfgige module e) the mlxbfgige module runs its open() as the the "oobnet0" interface is brought up f) mlxbf_gige module will experience an exception during its open(), something like:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000000e29a4000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000086000004 [#1] SMP CPU: 0 PID: 812 Comm: NetworkManager Tainted: G OE 5.15.0-1035-bluefield #37-Ubuntu Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.6.0.13024 Jan 19 2024 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : __napi_poll+0x40/0x230 sp : ffff800008003e00 x29: ffff800008003e00 x28: 0000000000000000 x27: 00000000ffffffff x26: ffff000066027238 x25: ffff00007cedec00 x24: ffff800008003ec8 x23: 000000000000012c x22: ffff800008003eb7 x21: 0000000000000000 x20: 0000000000000001 x19: ffff000066027238 x18: 0000000000000000 x17: ffff578fcb450000 x16: ffffa870b083c7c0 x15: 0000aaab010441d0 x14: 0000000000000001 x13: 00726f7272655f65 x12: 6769675f6662786c x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa870b0842398 x8 : 0000000000000004 x7 : fe5a48b9069706ea x6 : 17fdb11fc84ae0d2 x5 : d94a82549d594f35 x4 : 0000000000000000 x3 : 0000000000400100 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000066027238 Call trace: 0x0 net_rx_action+0x178/0x360 __do_softirq+0x15c/0x428 __irq_exit_rcu+0xac/0xec irq_exit+0x18/0x2c handle_domain_irq+0x6c/0xa0 gic_handle_irq+0xec/0x1b0 call_on_irq_stack+0x20/0x2c do_interrupt_handler+0x5c/0x70 el1_interrupt+0x30/0x50 el1h_64_irq_handler+0x18/0x2c el1h_64_irq+0x7c/0x80 __setup_irq+0x4c0/0x950 request_threaded_irq+0xf4/0x1bc mlxbf_gige_request_irqs+0x68/0x110 [mlxbf_gige] mlxbf_gige_open+0x5c/0x170 [mlxbf_gige] __dev_open+0x100/0x220 __dev_change_flags+0x16c/0x1f0 dev_change_flags+0x2c/0x70 do_setlink+0x220/0xa40 __rtnl_newlink+0x56c/0x8a0 rtnl_newlink+0x58/0x84 rtnetlink_rcv_msg+0x138/0x3c4 netlink_rcv_skb+0x64/0x130 rtnetlink_rcv+0x20/0x30 netlink_unicast+0x2ec/0x360 netlink_sendmsg+0x278/0x490 __sock_sendmsg+0x5c/0x6c ____sys_sendmsg+0x290/0x2d4 ___sys_sendmsg+0x84/0xd0 __sys_sendmsg+0x70/0xd0 __arm64_sys_sendmsg+0x2c/0x40 invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x54/0x184 do_el0_svc+0x30/0xac el0_svc+0x48/0x160 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Code: bad PC value ---[ end trace 7d1c3f3bf9d81885 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x2870a7a00000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x0,000005c1,a3332a5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---The exception happens because there is a pending RX interrupt before the call to requestirq(RX IRQ) executes. Then, the RX IRQ handler fires immediately after this requestirq() completes. The ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/24444af5ddf729376b90db0f135fa19973cb5dab
- https://git.kernel.org/stable/c/867a2f598af6a645c865d1101b58c5e070c6dd9e
- https://git.kernel.org/stable/c/8feb1652afe9c5d019059a55c90f70690dce0f52
- https://git.kernel.org/stable/c/a583117668ddb86e98f2e11c7caa3db0e6df52a3
- https://git.kernel.org/stable/c/f7442a634ac06b953fc1f7418f307b25acd4cfbc
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92e1869d74e1acc6551256eb084a1c14a054e19Fixeda583117668ddb86e98f2e11c7caa3db0e6df52a3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92e1869d74e1acc6551256eb084a1c14a054e19Fixed24444af5ddf729376b90db0f135fa19973cb5dab
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92e1869d74e1acc6551256eb084a1c14a054e19Fixed867a2f598af6a645c865d1101b58c5e070c6dd9e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92e1869d74e1acc6551256eb084a1c14a054e19Fixed8feb1652afe9c5d019059a55c90f70690dce0f52
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92e1869d74e1acc6551256eb084a1c14a054e19Fixedf7442a634ac06b953fc1f7418f307b25acd4cfbc
Affected versions
v5.*
v5.13
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.11
v5.15.110
v5.15.111
v5.15.112
v5.15.113
v5.15.114
v5.15.115
v5.15.116
v5.15.117
v5.15.118
v5.15.119
v5.15.12
v5.15.120
v5.15.121
v5.15.122
v5.15.123
v5.15.124
v5.15.125
v5.15.126
v5.15.127
v5.15.128
v5.15.129
v5.15.13
v5.15.130
v5.15.131
v5.15.132
v5.15.133
v5.15.134
v5.15.135
v5.15.136
v5.15.137
v5.15.138
v5.15.139
v5.15.14
v5.15.140
v5.15.141
v5.15.142
v5.15.143
v5.15.144
v5.15.145
v5.15.146
v5.15.147
v5.15.148
v5.15.149
v5.15.15
v5.15.150
v5.15.151
v5.15.152
v5.15.153
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187677855121916932351605861631100693616",
"23211471179841072777481832167263772120",
"20650020225006025218729133526706274915",
"17385920685407681086901869279067737468",
"158186454980727902778221752944166130321",
"286377138252670156638220572142562608206",
"234125525767868327125139010713594249314",
"250948688348669016907117736076176797578",
"110150082623044564128909583301137444067",
"70962164624182840919208221647546386246",
"172656949087103332325623046178067717445",
"323038429799153170030745675380396123060",
"319316981604015320783204686203854083519",
"157329010309737615263894203022187023659",
"108760815057318796662579732093857579639",
"278449349720938623633712904338673898870",
"244269113941710305905952420802139165963",
"39181153742871619478591621129215039256",
"73405630336680772588416867369018270323",
"66380700450778862016121891975028074434",
"92068670371347522537324881226213984310",
"281243051742191836635811285007300786849"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24444af5ddf729376b90db0f135fa19973cb5dab",
"id": "CVE-2024-35907-1293ccc0",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "mlxbf_gige_open",
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"function_hash": "151891382553958826471447199286358531206",
"length": 1128.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f7442a634ac06b953fc1f7418f307b25acd4cfbc",
"id": "CVE-2024-35907-145a11a8",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "mlxbf_gige_open",
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"function_hash": "151891382553958826471447199286358531206",
"length": 1128.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24444af5ddf729376b90db0f135fa19973cb5dab",
"id": "CVE-2024-35907-375a9293",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187677855121916932351605861631100693616",
"23211471179841072777481832167263772120",
"20650020225006025218729133526706274915",
"17385920685407681086901869279067737468",
"158186454980727902778221752944166130321",
"286377138252670156638220572142562608206",
"234125525767868327125139010713594249314",
"250948688348669016907117736076176797578",
"110150082623044564128909583301137444067",
"70962164624182840919208221647546386246",
"222069785320297659589495075931870748132",
"323038429799153170030745675380396123060",
"319316981604015320783204686203854083519",
"157329010309737615263894203022187023659",
"108760815057318796662579732093857579639",
"278449349720938623633712904338673898870",
"244269113941710305905952420802139165963",
"39181153742871619478591621129215039256",
"73405630336680772588416867369018270323",
"66380700450778862016121891975028074434",
"92068670371347522537324881226213984310",
"281243051742191836635811285007300786849"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a583117668ddb86e98f2e11c7caa3db0e6df52a3",
"id": "CVE-2024-35907-457ad4a0",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "mlxbf_gige_open",
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"function_hash": "28565055894859660795141654691988141942",
"length": 1147.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a583117668ddb86e98f2e11c7caa3db0e6df52a3",
"id": "CVE-2024-35907-932501a2",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187677855121916932351605861631100693616",
"23211471179841072777481832167263772120",
"20650020225006025218729133526706274915",
"17385920685407681086901869279067737468",
"158186454980727902778221752944166130321",
"286377138252670156638220572142562608206",
"234125525767868327125139010713594249314",
"250948688348669016907117736076176797578",
"110150082623044564128909583301137444067",
"70962164624182840919208221647546386246",
"172656949087103332325623046178067717445",
"323038429799153170030745675380396123060",
"319316981604015320783204686203854083519",
"157329010309737615263894203022187023659",
"108760815057318796662579732093857579639",
"278449349720938623633712904338673898870",
"244269113941710305905952420802139165963",
"39181153742871619478591621129215039256",
"73405630336680772588416867369018270323",
"66380700450778862016121891975028074434",
"92068670371347522537324881226213984310",
"281243051742191836635811285007300786849"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8feb1652afe9c5d019059a55c90f70690dce0f52",
"id": "CVE-2024-35907-a8fa6a6e",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "mlxbf_gige_open",
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"function_hash": "151891382553958826471447199286358531206",
"length": 1128.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@867a2f598af6a645c865d1101b58c5e070c6dd9e",
"id": "CVE-2024-35907-ab02ddb1",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187677855121916932351605861631100693616",
"23211471179841072777481832167263772120",
"20650020225006025218729133526706274915",
"17385920685407681086901869279067737468",
"158186454980727902778221752944166130321",
"286377138252670156638220572142562608206",
"234125525767868327125139010713594249314",
"250948688348669016907117736076176797578",
"110150082623044564128909583301137444067",
"70962164624182840919208221647546386246",
"172656949087103332325623046178067717445",
"323038429799153170030745675380396123060",
"319316981604015320783204686203854083519",
"157329010309737615263894203022187023659",
"108760815057318796662579732093857579639",
"278449349720938623633712904338673898870",
"244269113941710305905952420802139165963",
"39181153742871619478591621129215039256",
"73405630336680772588416867369018270323",
"66380700450778862016121891975028074434",
"92068670371347522537324881226213984310",
"281243051742191836635811285007300786849"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f7442a634ac06b953fc1f7418f307b25acd4cfbc",
"id": "CVE-2024-35907-c4c5581e",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"187677855121916932351605861631100693616",
"23211471179841072777481832167263772120",
"20650020225006025218729133526706274915",
"17385920685407681086901869279067737468",
"158186454980727902778221752944166130321",
"286377138252670156638220572142562608206",
"234125525767868327125139010713594249314",
"250948688348669016907117736076176797578",
"110150082623044564128909583301137444067",
"70962164624182840919208221647546386246",
"172656949087103332325623046178067717445",
"323038429799153170030745675380396123060",
"319316981604015320783204686203854083519",
"157329010309737615263894203022187023659",
"108760815057318796662579732093857579639",
"278449349720938623633712904338673898870",
"244269113941710305905952420802139165963",
"39181153742871619478591621129215039256",
"73405630336680772588416867369018270323",
"66380700450778862016121891975028074434",
"92068670371347522537324881226213984310",
"281243051742191836635811285007300786849"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@867a2f598af6a645c865d1101b58c5e070c6dd9e",
"id": "CVE-2024-35907-e90e159e",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "mlxbf_gige_open",
"file": "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
},
"deprecated": false,
"digest": {
"function_hash": "151891382553958826471447199286358531206",
"length": 1128.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8feb1652afe9c5d019059a55c90f70690dce0f52",
"id": "CVE-2024-35907-f6976da6",
"signature_version": "v1"
}
]