CVE-2024-38606

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38606
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38606.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38606
Downstream
Related
Published
2024-06-19T13:48:16Z
Modified
2025-10-09T11:35:55.408123Z
Summary
crypto: qat - validate slices count returned by FW
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - validate slices count returned by FW

The function adfsendadmintlstart() enables the telemetry (TL) feature on a QAT device by sending the ICPQATFWTLSTART message to the firmware. This triggers the FW to start writing TL data to a DMA buffer in memory and returns an array containing the number of accelerators of each type (slices) supported by this HW. The pointer to this array is stored in the adftlhwdata data structure called slicecnt.

The array slicecnt is then used in the function tlprintdevdata() to report in debugfs only statistics about the supported accelerators. An incorrect value of the elements in slice_cnt might lead to an out of bounds memory read. At the moment, there isn't an implementation of FW that returns a wrong value, but for robustness validate the slice count array returned by FW.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
69e7649f7cc2aaa7889174456d39319a623c1a18
Fixed
e57ed345e2e6043629fc74aa5be051415dcc4f77
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
69e7649f7cc2aaa7889174456d39319a623c1a18
Fixed
9b284b915e2a5e63ca133353f8c456eff4446f82
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
69e7649f7cc2aaa7889174456d39319a623c1a18
Fixed
483fd65ce29317044d1d00757e3fd23503b6b04c

Affected versions

v6.*

v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.12
Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.3