摘要:
In the Linux kernel, the following vulnerability has been resolved:net/mlx5: Fix bridge mode operations when there are no VFsCurrently, trying to set the bridge mode attribute when numvfs=0 leads to acrash:bridge link set dev eth2 hwmode vepa[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030[...][ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core][...][ 168.976037] Call Trace:[ 168.976188] <TASK>[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core][ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core][ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0[ 168.979714] rtnetlink_rcv_msg+0x159/0x400[ 168.980451] netlink_rcv_skb+0x54/0x100[ 168.980675] netlink_unicast+0x241/0x360[ 168.980918] netlink_sendmsg+0x1f6/0x430[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0[ 168.982155] ___sys_sendmsg+0x88/0xd0[ 168.985036] __sys_sendmsg+0x59/0xa0[ 168.985477] do_syscall_64+0x79/0x150[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e[ 168.987773] RIP: 0033:0x7f8f7950f917(esw->fdb_table.legacy.vepa_fdb is null)The bridge mode is only relevant when there are multiple functions perport. Therefore, prevent setting and getting this setting when there are noVFs.Note that after this change, there are no settings to change on the PFinterface using `bridge link` when there are no VFs, so the interface nolonger appears in the `bridge link` output.
安全等级: Low
公告ID: KylinSec-SA-2024-3923
发布日期: 2024年10月11日
关联CVE: CVE-2024-46857
In the Linux kernel, the following vulnerability has been resolved:net/mlx5: Fix bridge mode operations when there are no VFsCurrently, trying to set the bridge mode attribute when numvfs=0 leads to acrash:bridge link set dev eth2 hwmode vepa[ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030[...][ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core][...][ 168.976037] Call Trace:[ 168.976188] <TASK>[ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core][ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core][ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0[ 168.979714] rtnetlink_rcv_msg+0x159/0x400[ 168.980451] netlink_rcv_skb+0x54/0x100[ 168.980675] netlink_unicast+0x241/0x360[ 168.980918] netlink_sendmsg+0x1f6/0x430[ 168.981162] ____sys_sendmsg+0x3bb/0x3f0[ 168.982155] ___sys_sendmsg+0x88/0xd0[ 168.985036] __sys_sendmsg+0x59/0xa0[ 168.985477] do_syscall_64+0x79/0x150[ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e[ 168.987773] RIP: 0033:0x7f8f7950f917(esw->fdb_table.legacy.vepa_fdb is null)The bridge mode is only relevant when there are multiple functions perport. Therefore, prevent setting and getting this setting when there are noVFs.Note that after this change, there are no settings to change on the PFinterface using `bridge link` when there are no VFs, so the interface nolonger appears in the `bridge link` output.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-46857 | KY3.4-5A | kernel | Unaffected |
