CVE-2024-35959

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35959
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35959.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35959
Related
Published
2024-05-20T10:15:11Z
Modified
2024-09-11T05:04:07.330829Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix mlx5eprivinit() cleanup flow

When mlx5eprivinit() fails, the cleanup flow calls mlx5eselqcleanup which calls mlx5eselqapply() that assures that the priv->state_lock is held using lockdepisheld().

Acquire the statelock in mlx5eselq_cleanup().

Kernel log:

WARNING: suspicious RCU usage

6.8.0-rc3netnext_841a9b5 #1 Not tainted

drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcudereferenceprotected() usage!

other info that might help us debug this:

rcuscheduleractive = 2, debuglocks = 1 2 locks held by systemd-modules/293: #0: ffffffffa05067b0 (devicesrwsem){++++}-{3:3}, at: ibregisterclient+0x109/0x1b0 [ibcore] #1: ffff8881096c65c0 (&device->clientdatarwsem){++++}-{3:3}, at: addclientcontext+0x104/0x1c0 [ibcore]

stack backtrace: CPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3netnext841a9b5 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dumpstacklvl+0x8a/0xa0 lockdeprcususpicious+0x154/0x1a0 mlx5eselqapply+0x94/0xa0 [mlx5core] mlx5eselqcleanup+0x3a/0x60 [mlx5core] mlx5eprivinit+0x2be/0x2f0 [mlx5core] mlx5rdmasetuprn+0x7c/0x1a0 [mlx5core] rdmainitnetdev+0x4e/0x80 [ibcore] ? mlx5rdmanetdevfree+0x70/0x70 [mlx5core] ipoibintfinit+0x64/0x550 [ibipoib] ipoibintfalloc+0x4e/0xc0 [ibipoib] ipoibaddone+0xb0/0x360 [ibipoib] addclientcontext+0x112/0x1c0 [ibcore] ibregisterclient+0x166/0x1b0 [ibcore] ? 0xffffffffa0573000 ipoibinitmodule+0xeb/0x1a0 [ibipoib] dooneinitcall+0x61/0x250 doinitmodule+0x8a/0x270 initmodulefromfile+0x8b/0xd0 idempotentinitmodule+0x17d/0x230 _x64sysfinitmodule+0x61/0xb0 dosyscall64+0x71/0x140 entrySYSCALL64afterhwframe+0x46/0x4e </TASK>

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.90-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8.9-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}