CVE-2024-50147 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command bitmask initialization
The command bitmask has a dedicated bit for the MANAGE_PAGES command; this bit isn't initialized during command bitmask initialization, only during MANAGE_PAGES.
In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for the MANAGE_PAGES command as well.
Hence, in case a health error occurred before any MANAGE_PAGES command has been invoked (for example during mlx5_enable_hca()), mlx5_cmd_trigger_completions() will try to trigger completion for the MANAGE_PAGES command, which will result in a null-ptr-deref error. [1]
Fix it by initializing the command bitmask correctly.
While at it, rewrite the code for better understanding.
[1]
BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]
Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078
CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 1
Hardware name: QEMU Standard PC (Q35 + ICH9 2009) BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]
Call Trace:
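A simplified model of the failure described above, added here as an illustration and not taken from the mlx5_core driver. The names, the slot count and the convention that a set bit marks a free slot are assumptions; the sweep is guarded so the model counts the NULL entries instead of crashing on them.

```c
#include <stdio.h>

/* Simplified model; names and sizes are hypothetical, not from mlx5_core. */
#define MAX_REG_CMDS 8                     /* regular command slots 0..7 */
#define PAGES_SLOT   MAX_REG_CMDS          /* dedicated MANAGE_PAGES slot */
#define CMD_MASK     ((1UL << (MAX_REG_CMDS + 1)) - 1)

struct cmd_ent { int status; };
struct cmd_ctx {
    unsigned long bitmask;                 /* assumption: set bit = slot is free */
    struct cmd_ent *ent[MAX_REG_CMDS + 1]; /* NULL until a command occupies the slot */
};

/* Init that covers only the regular slots: the pages bit stays 0 ("busy"). */
static void init_partial(struct cmd_ctx *c)
{
    *c = (struct cmd_ctx){ .bitmask = (1UL << MAX_REG_CMDS) - 1 };
}

/* Init that marks every slot free, including the dedicated pages slot. */
static void init_full(struct cmd_ctx *c)
{
    *c = (struct cmd_ctx){ .bitmask = CMD_MASK };
}

/* Error-path sweep; returns how many busy-looking slots have no entry behind them. */
static int trigger_completions(struct cmd_ctx *c)
{
    unsigned long busy = ~c->bitmask & CMD_MASK;
    int dangling = 0;
    for (int i = 0; i <= PAGES_SLOT; i++) {
        if (!(busy & (1UL << i)))
            continue;
        if (!c->ent[i]) {                  /* guard; without it this is the NULL write */
            dangling++;
            continue;
        }
        c->ent[i]->status = -1;            /* complete the in-flight command with an error */
    }
    return dangling;
}

int main(void)
{
    struct cmd_ctx c;
    init_partial(&c); printf("partial init: %d dangling\n", trigger_completions(&c));
    init_full(&c);    printf("full init:    %d dangling\n", trigger_completions(&c));
    return 0;
}
```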
Reference
https://git.kernel.org/stable/c/d1606090bb294cecb7de3c4ed177f5aa0abd4c4e
https://git.kernel.org/stable/c/d88564c79d1cedaf2655f12261eca0d2796bde4e
https://git.kernel.org/stable/c/2feac1e562be0efc621a6722644a90f355d53473
https://git.kernel.org/stable/c/d62b14045c6511a7b2d4948d1a83a4e592deeb05