AZL-49788
See a problem?- Import Source
- https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49788.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/AZL-49788
- Upstream
- Published
- 2024-09-27T13:15:17Z
- Modified
- 2026-04-01T05:17:26.415551Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- CVE-2024-46857 affecting package kernel for versions less than 6.6.56.1-5
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix bridge mode operations when there are no VFs
Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash:
bridge link set dev eth2 hwmode vepa
[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5addflowrules+0x1f/0x300 [mlx5core] [...] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] mlx5eswitchsetvepalocked+0x113/0x230 [mlx5core] [ 168.979074] mlx5eswitchsetvepa+0x7f/0xa0 [mlx5core] [ 168.979471] rtnlbridgesetlink+0xe9/0x1f0 [ 168.979714] rtnetlinkrcvmsg+0x159/0x400 [ 168.980451] netlinkrcvskb+0x54/0x100 [ 168.980675] netlinkunicast+0x241/0x360 [ 168.980918] netlinksendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] _syssendmsg+0x59/0xa0 [ 168.985477] dosyscall64+0x79/0x150 [ 168.987273] entrySYSCALL64afterhwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917
(esw->fdbtable.legacy.vepafdb is null)
The bridge mode is only relevant when there are multiple functions per port. Therefore, prevent setting and getting this setting when there are no VFs.
Note that after this change, there are no settings to change on the PF interface using
bridge linkwhen there are no VFs, so the interface no longer appears in thebridge linkoutput. - References