The Linux kernel development team recently resolved a significant vulnerability in the 'bnxt_en' module which, if exploited, could lead to out-of-bounds memory access. The vulnerability is documented as CVE-2024-44933.

The vulnerability affects the function bnxt_fill_hw_rss_tbl() within the bnxt_en module. A recent change to the __bnxt_reserve_rings() function caused a regression on older firmware that does not require RX ring reservations, that is, when BNXT_NEW_RM() returns 'false'. In these cases, the number of reserved RX rings may not be set properly, which leads to an out-of-range index being used within bnxt_fill_hw_rss_tbl().

bnxt_en: Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()


To fix this issue, developers moved the bnxt_check_rss_tbl_no_rmgr() call up in bnxt_need_reserve_rings() so that it is called unconditionally when using older firmware. This change ensures that the default RSS indirection table is set properly, which prevents the out-of-bounds indexing and resolves the regression.
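A reduced userspace model of the call-ordering problem described above, added here as an illustration and not taken from the driver or the kernel commit. The struct, every function name, the table size, and the early exit on a TX ring change that bypasses the check are assumptions of the model.

```c
#include <stdbool.h>
#define TBL_SIZE 8              /* constructed table size for this model */

struct nic {                    /* hypothetical model, not the driver's struct bnxt */
    bool new_rm;                /* stands in for BNXT_NEW_RM() */
    unsigned rx_rings, resv_rx; /* configured vs. recorded-as-reserved RX rings */
    unsigned tx_rings, resv_tx;
    unsigned indir[TBL_SIZE];   /* RSS indirection table of RX ring indices */
};

static void set_default_indir(struct nic *n) {
    for (unsigned i = 0; i < TBL_SIZE; i++)
        n->indir[i] = i % n->rx_rings;
}

/* Older-firmware path: resync the reserved count and rebuild a stale table. */
static void check_tbl_no_rmgr(struct nic *n) {
    if (n->resv_rx != n->rx_rings) {
        n->resv_rx = n->rx_rings;
        set_default_indir(n);
    }
}

/* fixed=false: the check sits behind an earlier exit; fixed=true: it runs first. */
static bool need_reserve(struct nic *n, bool fixed) {
    if (fixed && !n->new_rm)
        check_tbl_no_rmgr(n);
    if (n->resv_tx != n->tx_rings)
        return true;            /* assumed early exit that bypasses the check */
    if (!n->new_rm) {
        if (!fixed)
            check_tbl_no_rmgr(n);
        return false;
    }
    return n->resv_rx != n->rx_rings;
}

/* Shrink 8 rings to 4 on older firmware, then count table entries that would
 * index past the RX ring array (counted here, never dereferenced). */
static unsigned stale_after_shrink(bool fixed) {
    struct nic n = { false, 8, 8, 8, 8, {0} };
    set_default_indir(&n);
    n.rx_rings = n.tx_rings = 4;
    need_reserve(&n, fixed);
    unsigned bad = 0;
    for (unsigned i = 0; i < TBL_SIZE; i++)
        bad += n.indir[i] >= n.rx_rings;
    return bad;
}
int main(void) { return (int)stale_after_shrink(true); } /* exits 0 with the fixed order */
```

With the check behind the early exit, half of the table still points at rings that no longer exist; with the check first, the table is rebuilt before anything consumes it.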

Full details about the vulnerability, including the original references, the commit, and the exploitability details, can be found in the following resources:

- Kernel Git repository commit
- Bug report
- Mailing list discussion
- CVE-2024-44933 Database Entry

To summarize, the Linux kernel development team has addressed a memory out-of-bounds issue in the bnxt_en module, tracked as CVE-2024-44933. The issue affected older firmware that does not require RX ring reservations, and the fix handles this case by adjusting the function call order in the code. Users are encouraged to update their systems to incorporate this patch and ensure their systems remain secure.

Timeline

Published on: 08/26/2024 11:15:05 UTC
Last modified on: 08/27/2024 16:08:38 UTC