CVE-2024-35855: Linux Kernel Vulnerability Resolved in mlxsw Spectrum ACL TCAM Activity Update
In the Linux kernel, a possible use-after-free in the mlxsw Spectrum ACL TCAM (Access Control List Ternary Content-Addressable Memory) rule activity update has been resolved. This vulnerability, identified as CVE-2024-35855, could have allowed attackers to execute arbitrary code or cause a denial of service, resulting in system crashes.
Details of the vulnerability
The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task, it accesses the entry pointed to by 'ventry->entry', but that entry can be replaced concurrently by the rehash delayed work, which frees the old entry and leads to a use-after-free [1].
The fix closes the race by performing the activity query under the 'vregion->lock' mutex.
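To make the race concrete, here is an added C model (not the driver's code) of the two delayed works: rehash_work stands in for the rehash work, rule_activity_get for the activity query, and a lock_held flag for the vregion->lock mutex; the struct layouts, the two-slot entry array, the -1 return value and the assumption that the rehash work takes the same mutex are constructed for this illustration. Run with fixed == false it reproduces the stale read the KASAN report shows; with fixed == true the query holds the lock, so the rehash cannot interleave.

```c
#include <stdbool.h>

/* Minimal model of the objects involved (not the driver's real structs). */
struct entry   { bool freed; bool active; };
struct vregion { bool lock_held; };           /* stands in for vregion->lock */
struct ventry  { struct entry *entry; struct vregion *vregion; };
static struct entry slots[2];                 /* entry storage; "freed" is a flag here, kfree() in the kernel */

/* Model of the rehash delayed work (mlxsw_sp_acl_tcam_vchunk_migrate_all in the
 * trace): moves the ventry to a new entry, frees the old one, under vregion->lock. */
static bool rehash_work(struct ventry *ventry)
{
    if (ventry->vregion->lock_held)
        return false;                         /* would block on the mutex */
    struct entry *old = ventry->entry;
    struct entry *dst = (old == &slots[0]) ? &slots[1] : &slots[0];
    dst->freed = false;
    dst->active = old->active;
    ventry->entry = dst;                      /* pointer replaced ... */
    old->freed = true;                        /* ... then old entry freed */
    return true;
}

/* Model of the activity query. With locked == false (pre-fix) the rehash work
 * may run between reading ventry->entry and dereferencing it, the window KASAN
 * reported. Returns 0 on a valid read, -1 if it would touch freed memory. */
static int rule_activity_get(struct ventry *ventry, bool locked, bool *active)
{
    if (locked)
        ventry->vregion->lock_held = true;
    struct entry *entry = ventry->entry;      /* snapshot, as the old code did */
    rehash_work(ventry);                      /* injected concurrent rehash */
    int rc = entry->freed ? -1 : 0;           /* -1: use-after-free */
    if (rc == 0)
        *active = entry->active;
    if (locked)
        ventry->vregion->lock_held = false;
    return rc;
}

/* Runs the scenario once; fixed == true models the patched driver. */
int run_scenario(bool fixed)
{
    struct vregion vregion = { .lock_held = false };
    slots[0] = (struct entry){ .freed = false, .active = true };
    slots[1] = (struct entry){ .freed = true, .active = false };
    struct ventry ventry = { .entry = &slots[0], .vregion = &vregion };
    bool active = false;
    return rule_activity_get(&ventry, fixed, &active);
}
```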
Below is the KASAN report quoted in the original advisory, for reference:
BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140
Read of size 8 at addr ffff8881054ed808 by task kworker/0:18/181
...
...
Freed by task 1039:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
poison_slab_object+0x102/0x170
__kasan_slab_free+0x14/0x30
kfree+0xc1/0x290
mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50
mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300
process_one_work+0x8eb/0x19b0
worker_thread+0x6c9/0xf70
kthread+0x2c9/0x3b0
ret_from_fork+0x4d/0x80
ret_from_fork_asm+0x1a/0x30
For further information on this vulnerability and its resolution, refer to the original advisory.
If you are running an affected version of the Linux kernel, update it as soon as possible to obtain the fix for this vulnerability.
In conclusion, CVE-2024-35855, a possible use-after-free in the Linux kernel's mlxsw Spectrum ACL TCAM activity update, has been fixed. Updating an affected kernel to the latest release should prevent any further exploitation of this vulnerability.
Timeline
Published on: 05/17/2024 15:15:22 UTC
Last modified on: 12/19/2024 08:56:39 UTC