In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix incorrect page release
Under the following conditions: 1) No skb created yet 2) headersize == 0 (no SHAMPO header) 3) headerindex + 1 % MLX5ESHAMPOWQHEADERPER_PAGE == 0 (this is the last page fragment of a SHAMPO header page)
a new skb is formed with a page that is NOT a SHAMPO header page (it is a regular data page). Further down in the same function (mlx5ehandlerxcqempwrqshampo()), a SHAMPO header page from headerindex is released. This is wrong and it leads to SHAMPO header pages being released more than once.
{ "vanir_signatures": [ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c909ab41df2b09cde919801c7a7b6bb2cc37ea22", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "233830391815689587131403716911653464176", "263259629088204320039088994137913762498", "23091244922705701406023418123800010863", "2785819647372665866580035852026171447" ] }, "id": "CVE-2024-46717-0ee455f4", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70bd03b89f20b9bbe51a7f73c4950565a17a45f7", "signature_type": "Function", "digest": { "function_hash": "44079830094813108697282720442334023036", "length": 2243.0 }, "id": "CVE-2024-46717-3c0ae8cc", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c", "function": "mlx5e_handle_rx_cqe_mpwrq_shampo" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c909ab41df2b09cde919801c7a7b6bb2cc37ea22", "signature_type": "Function", "digest": { "function_hash": "84539557777426548304739222323881668289", "length": 2278.0 }, "id": "CVE-2024-46717-50d16061", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c", "function": "mlx5e_handle_rx_cqe_mpwrq_shampo" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@03924d117625ecb10ee3c9b65930bcb2c37ae629", "signature_type": "Function", "digest": { "function_hash": "177219966609145112669673044780822459454", "length": 2291.0 }, "id": "CVE-2024-46717-722d4ab8", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c", "function": "mlx5e_handle_rx_cqe_mpwrq_shampo" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "233830391815689587131403716911653464176", "263259629088204320039088994137913762498", "23091244922705701406023418123800010863", "2785819647372665866580035852026171447" ] }, "id": "CVE-2024-46717-a0610554", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab", "signature_type": "Function", "digest": { "function_hash": "84539557777426548304739222323881668289", "length": 2278.0 }, "id": "CVE-2024-46717-e106444e", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c", "function": "mlx5e_handle_rx_cqe_mpwrq_shampo" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70bd03b89f20b9bbe51a7f73c4950565a17a45f7", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "233830391815689587131403716911653464176", "263259629088204320039088994137913762498", "23091244922705701406023418123800010863", "2785819647372665866580035852026171447" ] }, "id": "CVE-2024-46717-e83d3196", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c" }, "deprecated": false, "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@03924d117625ecb10ee3c9b65930bcb2c37ae629", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "233830391815689587131403716911653464176", "263259629088204320039088994137913762498", "23091244922705701406023418123800010863", "2785819647372665866580035852026171447" ] }, "id": "CVE-2024-46717-f3e651e8", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c" }, "deprecated": false, "signature_version": "v1" } ] }