CVE-2024-35855: Linux Kernel Vulnerability Resolved in mlxsw Spectrum ACL TCAM Activity Update

In the Linux kernel, a vulnerability in the mlxsw Spectrum ACL TCAM (Access Control List Ternary Content-Addressable Memory) activity update has been resolved, addressing the issue of possible use-after-free during activity update. This vulnerability, identified as CVE-2024-35855, could have allowed attackers to execute arbitrary code or cause a denial of service, thus resulting in system crashes.

Details of the vulnerability

The rule activity update delayed work periodically traversed the list of configured rules and queried their activity from the device. As part of this task, it accessed the entry pointed by 'ventry->entry', but this entry could be changed concurrently by the rehash delayed work, leading to a use-after-free issue [1].

To fix this problem, the race has been closed, and the activity query is now being performed under the 'vregion->lock' mutex.

Below is the original code snippet for reference

BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+x121/x140
Read of size 8 at addr ffff8881054ed808 by task kworker/:18/181
...
...
Freed by task 1039:
 kasan_save_stack+x33/x60
 kasan_save_track+x14/x30
 kasan_save_free_info+x3b/x60
 poison_slab_object+x102/x170
 __kasan_slab_free+x14/x30
 kfree+xc1/x290
 mlxsw_sp_acl_tcam_vchunk_migrate_all+x3d7/xb50
 mlxsw_sp_acl_tcam_vregion_rehash_work+x157/x130
 process_one_work+x8eb/x19b
 worker_thread+x6c9/xf70
 kthread+x2c9/x3b
 ret_from_fork+x4d/x80
 ret_from_fork_asm+x1a/x30

For further information on this vulnerability and its resolution, you may refer to the original advisory here.

If you are using the affected version of the Linux kernel, it is highly recommended that you update the kernel as soon as possible to fix this critical vulnerability.

In conclusion, CVE-2024-35855 has been addressed in the Linux kernel's mlxsw Spectrum ACL TCAM activity update, fixing the possible use-after-free issue that led to a potential attack vector. Updating the affected kernel version to the latest release should prevent any further exploitation of this vulnerability.

Timeline

Published on: 05/17/2024 15:15:22 UTC
Last modified on: 06/25/2024 22:15:31 UTC