CVE-2024-26595

Updated: 2024-12-14 20:22:23.413334

Description:

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x		0
CVSS Version 3.x	MEDIUM	5.5

Status

OS name	Project name	Version	Score	Severity	Status	Errata	Last updated
AlmaLinux 9.2 ESU	kernel	5.14.0	5.5	MEDIUM	Released	CLSA-2025:1743193221	2024-06-24 11:25:02
CentOS 6 ELS	kernel	2.6.32	5.5	MEDIUM	Ignored		2024-09-25 12:26:44
CentOS 7 ELS	kernel	3.10.0	5.5	MEDIUM	Ignored		2024-09-25 12:26:43
CentOS 8.4 ELS	kernel	4.18.0	5.5	MEDIUM	Ignored		2024-10-09 04:04:13
CentOS 8.5 ELS	kernel	4.18.0	5.5	MEDIUM	Ignored		2024-10-09 04:04:13
CentOS Stream 8 ELS	kernel	4.18.0	5.5	MEDIUM	Ignored		2024-10-09 04:01:06
CloudLinux 6 ELS	kernel	2.6.32	5.5	MEDIUM	Ignored		2024-09-25 12:26:44
CloudLinux 7 ELS	kernel	3.10.0	5.5	MEDIUM	Ignored		2024-09-25 12:26:43
Oracle Linux 6 ELS	kernel	2.6.32	5.5	MEDIUM	Ignored		2024-09-25 12:26:43
Ubuntu 16.04 ELS	linux	4.4.0	5.5	MEDIUM	In Progress		2025-04-02 03:33:13

Total: 12