CVE-2024-38606

The function adfsendadmintlstart() enables the telemetry (TL) feature on a QAT device by sending the ICPQATFWTLSTART message to the firmware. This triggers the FW to start writing TL data to a DMA buffer in memory and returns an array containing the number of accelerators of each type (slices) supported by this HW. The pointer to this array is stored in the adftlhwdata data structure called slicecnt.

The array slicecnt is then used in the function tlprintdevdata() to report in debugfs only statistics about the supported accelerators. An incorrect value of the elements in slice_cnt might lead to an out of bounds memory read. At the moment, there isn't an implementation of FW that returns a wrong value, but for robustness validate the slice count array returned by FW.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

69e7649f7cc2aaa7889174456d39319a623c1a18

Fixed

e57ed345e2e6043629fc74aa5be051415dcc4f77

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

69e7649f7cc2aaa7889174456d39319a623c1a18

Fixed

9b284b915e2a5e63ca133353f8c456eff4446f82

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

69e7649f7cc2aaa7889174456d39319a623c1a18

Fixed

483fd65ce29317044d1d00757e3fd23503b6b04c

Affected versions

v6.*

v6.7

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

v6.8.10

v6.8.11

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-38606-16cc70a9",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.h"
        },
        "digest": {
            "line_hashes": [
                "180061455649047354109625475621080265787",
                "229216177846901429860204781757742965573",
                "106101217354350026848629223566616525013",
                "37249914973876651882201340517962811960"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b284b915e2a5e63ca133353f8c456eff4446f82"
    },
    {
        "id": "CVE-2024-38606-2075a092",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c"
        },
        "digest": {
            "line_hashes": [
                "29753369863746486633864985455846459079",
                "204288953080831280888748798697466544407",
                "143906787657703220579300562194878075795",
                "118372063464582343671933344137209069361",
                "247249279103520865512820627663690470636",
                "167461233300855914547223562221027432946"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483fd65ce29317044d1d00757e3fd23503b6b04c"
    },
    {
        "id": "CVE-2024-38606-3412fbbc",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c",
            "function": "adf_tl_run"
        },
        "digest": {
            "function_hash": "71477640490032360825763142958712723400",
            "length": 489.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b284b915e2a5e63ca133353f8c456eff4446f82"
    },
    {
        "id": "CVE-2024-38606-3d7ae64f",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c",
            "function": "adf_tl_run"
        },
        "digest": {
            "function_hash": "71477640490032360825763142958712723400",
            "length": 489.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483fd65ce29317044d1d00757e3fd23503b6b04c"
    },
    {
        "id": "CVE-2024-38606-5f787e36",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c"
        },
        "digest": {
            "line_hashes": [
                "29753369863746486633864985455846459079",
                "204288953080831280888748798697466544407",
                "143906787657703220579300562194878075795",
                "118372063464582343671933344137209069361",
                "247249279103520865512820627663690470636",
                "167461233300855914547223562221027432946"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57ed345e2e6043629fc74aa5be051415dcc4f77"
    },
    {
        "id": "CVE-2024-38606-761de9f2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c",
            "function": "adf_gen4_init_tl_data"
        },
        "digest": {
            "function_hash": "181436277110161818537366086549746027014",
            "length": 719.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483fd65ce29317044d1d00757e3fd23503b6b04c"
    },
    {
        "id": "CVE-2024-38606-7e9c2414",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c"
        },
        "digest": {
            "line_hashes": [
                "68287094432513464294544817278734269016",
                "258530929148589624709759790311487955804",
                "58245585901053150131811661421880545053"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483fd65ce29317044d1d00757e3fd23503b6b04c"
    },
    {
        "id": "CVE-2024-38606-ad492e7c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c"
        },
        "digest": {
            "line_hashes": [
                "68287094432513464294544817278734269016",
                "258530929148589624709759790311487955804",
                "58245585901053150131811661421880545053"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b284b915e2a5e63ca133353f8c456eff4446f82"
    },
    {
        "id": "CVE-2024-38606-b7d0d73f",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c",
            "function": "adf_gen4_init_tl_data"
        },
        "digest": {
            "function_hash": "181436277110161818537366086549746027014",
            "length": 719.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b284b915e2a5e63ca133353f8c456eff4446f82"
    },
    {
        "id": "CVE-2024-38606-c02112a1",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c",
            "function": "adf_gen4_init_tl_data"
        },
        "digest": {
            "function_hash": "181436277110161818537366086549746027014",
            "length": 719.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57ed345e2e6043629fc74aa5be051415dcc4f77"
    },
    {
        "id": "CVE-2024-38606-c963c2e6",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c",
            "function": "adf_tl_run"
        },
        "digest": {
            "function_hash": "71477640490032360825763142958712723400",
            "length": 489.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57ed345e2e6043629fc74aa5be051415dcc4f77"
    },
    {
        "id": "CVE-2024-38606-cb034f05",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c"
        },
        "digest": {
            "line_hashes": [
                "68287094432513464294544817278734269016",
                "258530929148589624709759790311487955804",
                "58245585901053150131811661421880545053"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57ed345e2e6043629fc74aa5be051415dcc4f77"
    },
    {
        "id": "CVE-2024-38606-cb50a693",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.h"
        },
        "digest": {
            "line_hashes": [
                "180061455649047354109625475621080265787",
                "229216177846901429860204781757742965573",
                "106101217354350026848629223566616525013",
                "37249914973876651882201340517962811960"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e57ed345e2e6043629fc74aa5be051415dcc4f77"
    },
    {
        "id": "CVE-2024-38606-d1878328",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.c"
        },
        "digest": {
            "line_hashes": [
                "29753369863746486633864985455846459079",
                "204288953080831280888748798697466544407",
                "143906787657703220579300562194878075795",
                "118372063464582343671933344137209069361",
                "247249279103520865512820627663690470636",
                "167461233300855914547223562221027432946"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b284b915e2a5e63ca133353f8c456eff4446f82"
    },
    {
        "id": "CVE-2024-38606-e5cb76fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/crypto/intel/qat/qat_common/adf_telemetry.h"
        },
        "digest": {
            "line_hashes": [
                "180061455649047354109625475621080265787",
                "229216177846901429860204781757742965573",
                "106101217354350026848629223566616525013",
                "37249914973876651882201340517962811960"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483fd65ce29317044d1d00757e3fd23503b6b04c"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.12

Type: ECOSYSTEM
Events: Introduced

6.9.0

Fixed

6.9.3