CVE-2024-56717
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56717
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56717.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56717
- Related
- Published
- 2024-12-29T09:15:06Z
- Modified
- 2025-01-16T05:50:49.775730Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic()
Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block (ocelot->numphys_ports).
The blamed commit copied the ocelotifhsetbasic() call incorrectly from ocelotxmitcommon() in net/dsa/tagocelot.c. Instead of calling with "x", it calls with BIT_ULL(x), but the field is not a port mask, but rather a single port index.
[ side note: this is the technical debt of code duplication :( ]
The error used to be silent and doesn't appear to have other user-visible manifestations, but with new changes in the packing library, it now fails loudly as follows:
------------[ cut here ]------------ Cannot store 0x40 inside bits 46-43 - will truncate sja1105 spi2.0: xmit timed out WARNING: CPU: 1 PID: 102 at lib/packing.c:98 _pack+0x90/0x198 sja1105 spi2.0: timed out polling for tstamp CPU: 1 UID: 0 PID: 102 Comm: felixxmit Tainted: G W N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605 Call trace: _pack+0x90/0x198 (P) _pack+0x90/0x198 (L) packing+0x78/0x98 ocelotifhsetbasic+0x260/0x368 ocelotportinjectframe+0xa8/0x250 felixportdeferredxmit+0x14c/0x258 kthreadworker_fn+0x134/0x350 kthread+0x114/0x138
The code path pertains to the ocelot switchdev driver and to the felix secondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q.
The messenger (packing) is not really to blame, so fix the original commit instead.
- References
-
- https://git.kernel.org/stable/c/2d5df3a680ffdaf606baa10636bdb1daf757832e
- https://git.kernel.org/stable/c/2f3c62ffe88116cd2a39cd73e01103535599970f
- https://git.kernel.org/stable/c/59c4ca8d8d7918eb6e2df91d2c254827264be309
- https://git.kernel.org/stable/c/a8836eae3288c351acd3b2743d2fad2a4ee2bd56
- https://security-tracker.debian.org/tracker/CVE-2024-56717
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.123-1
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.12.8-1