In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Discard command completions in internal error
Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually.
Kernel log: ------------[ cut here ]------------ refcountt: underflow; use-after-free. ... RIP: 0010:refcountwarnsaturate+0xd8/0xe0 ... Call Trace: <IRQ> ? _warn+0x79/0x120 ? refcountwarnsaturate+0xd8/0xe0 ? reportbug+0x17c/0x190 ? handlebug+0x3c/0x60 ? excinvalidop+0x14/0x70 ? asmexcinvalidop+0x16/0x20 ? refcountwarnsaturate+0xd8/0xe0 cmdentput+0x13b/0x160 [mlx5core] mlx5cmdcomphandler+0x5f9/0x670 [mlx5core] cmdcompnotifier+0x1f/0x30 [mlx5core] notifiercallchain+0x35/0xb0 atomicnotifiercallchain+0x16/0x20 mlx5eqasyncint+0xf6/0x290 [mlx5core] notifiercallchain+0x35/0xb0 atomicnotifiercallchain+0x16/0x20 irqinthandler+0x19/0x30 [mlx5core] _handleirqeventpercpu+0x4b/0x160 handleirqevent+0x2e/0x80 handleedgeirq+0x98/0x230 _commoninterrupt+0x3b/0xa0 commoninterrupt+0x7b/0xa0 </IRQ> <TASK> asmcommon_interrupt+0x22/0x40
{ "vanir_signatures": [ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cb92b0ad73d3f1734e812054e698d655e9581b0", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-2455a2fe", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-2dfbd80d", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-41503556", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-4c82d322", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-4fd8716c", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6fbb8535e990f844371086ab2c1221f71f993d3", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-57867859", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cb92b0ad73d3f1734e812054e698d655e9581b0", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-58242c6b", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d5dce5e92a70274de67a59e1e674c3267f94cd7", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-7165a6af", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6fbb8535e990f844371086ab2c1221f71f993d3", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-821ff109", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-89892001", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ac4c69c34240c6de820492c0a28a0bd1494265a", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-955044f4", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d5dce5e92a70274de67a59e1e674c3267f94cd7", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-b7272593", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" }, "id": "CVE-2024-38555-bf80b13e", "digest": { "threshold": 0.9, "line_hashes": [ "68225501893710407372178475213964702120", "188065419024284924532197796747573449438", "268769170230679626542723260689435022364" ] }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ac4c69c34240c6de820492c0a28a0bd1494265a", "signature_type": "Function", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c", "function": "cmd_comp_notifier" }, "id": "CVE-2024-38555-d7a6348b", "digest": { "function_hash": "15580755944550982753571026288573407061", "length": 316.0 }, "deprecated": false, "signature_version": "v1" } ] }