CVE-2024-36006
- Source
- https://cve.org/CVERecord?id=CVE-2024-36006
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36006.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36006
- Downstream
- Related
- Published
- 2024-05-20T09:48:06.278Z
- Modified
- 2026-05-28T03:53:42.913623010Z
- Summary
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrumacltcam: Fix incorrect list API usage
Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call listfirstentry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1].
Fix by returning if the lists are empty as there is nothing to migrate in this case.
[1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrumacltcam.c:1266 mlxswspacltcamvchunkmigrateall+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxswcore mlxswspacltcamvregionrehashwork RIP: 0010:mlxswspacltcamvchunkmigrateall+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxswspacltcamvregionrehashwork+0x6c/0x4a0 processonework+0x151/0x370 workerthread+0x2cb/0x3e0 kthread+0xd0/0x100 retfromfork+0x34/0x50 retfromfork_asm+0x1a/0x30 </TASK>
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36006.json", "cna_assigner": "Linux" }- References
-
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
- https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530
- https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a
- https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154
- https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0
- https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40
- https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97
- https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36006.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36006
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6f9579d4e3021b17b0a4cde6b04a6c94c9575cdfFixed0b2c13b670b168e324e1cf109e67056a20fd610aFixed09846c2309b150b8ce4e0ce96f058197598fc530Fixed64435b64e43d8ee60faa46c0cd04e323e8b2a7b0Fixed4526a56e02da3725db979358964df9cd9c567154Fixedab4ecfb627338e440ae11def004c524a00d93e40Fixedaf8b593c3dd9df82cb199be65863af004b09fd97Fixedb377add0f0117409c418ddd6504bd682ebe0bf79
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.1.0Fixed5.4.275
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.216
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.158
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.90
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.30
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.8.9