CVE-2024-56660

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56660
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56660.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56660
Downstream
Related
Published
2024-12-27T15:06:23.161Z
Modified
2025-11-16T10:33:31.982325Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
net/mlx5: DR, prevent potential error pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: DR, prevent potential error pointer dereference

The drdomainaddvportcap() function generally returns NULL on error but sometimes we want it to return ERRPTR(-EBUSY) so the caller can retry. The problem here is that "ret" can be either -EBUSY or -ENOMEM and if it's and -ENOMEM then the error pointer is propogated back and eventually dereferenced in drstev0buildsrcgvmiqpntag().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11a45def2e197532c46aa908dedd52bc1ee378a2
Fixed
61f720e801443d4e2a3c0261eda4ad8431458dca
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11a45def2e197532c46aa908dedd52bc1ee378a2
Fixed
325cf73a1b449fea3158ab99d03a7a717aad1618
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11a45def2e197532c46aa908dedd52bc1ee378a2
Fixed
a59c61a1869ceefc65ef02886f91e8cd0062211f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11a45def2e197532c46aa908dedd52bc1ee378a2
Fixed
11776cff0b563c8b8a4fa76cab620bfb633a8cb8

Affected versions

v5.*

v5.15
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.12
v6.1.120
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.13-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61f720e801443d4e2a3c0261eda4ad8431458dca",
        "digest": {
            "line_hashes": [
                "161198455823291480818063214200852616859",
                "61296358871316750034448817136960058486",
                "63010446449728915931117945321056531047",
                "69804559380991655288543739739982255536"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c"
        },
        "id": "CVE-2024-56660-04083644",
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11776cff0b563c8b8a4fa76cab620bfb633a8cb8",
        "digest": {
            "line_hashes": [
                "161198455823291480818063214200852616859",
                "61296358871316750034448817136960058486",
                "63010446449728915931117945321056531047",
                "69804559380991655288543739739982255536"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_domain.c"
        },
        "id": "CVE-2024-56660-7a7eaf25",
        "signature_type": "Line"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61f720e801443d4e2a3c0261eda4ad8431458dca",
        "digest": {
            "function_hash": "92281819297192132180056903638804080946",
            "length": 527.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "dr_domain_add_vport_cap",
            "file": "drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c"
        },
        "id": "CVE-2024-56660-949a7774",
        "signature_type": "Function"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11776cff0b563c8b8a4fa76cab620bfb633a8cb8",
        "digest": {
            "function_hash": "92281819297192132180056903638804080946",
            "length": 527.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "dr_domain_add_vport_cap",
            "file": "drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_domain.c"
        },
        "id": "CVE-2024-56660-95eb0012",
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.121
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.67
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.6