Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-44970
HistorySep 04, 2024 - 7:15 p.m.

CVE-2024-44970

2024-09-0419:15:31
Linux
web.nvd.nist.gov
26
linux kernel
vulnerability
net/mlx5e
shampo
wqe
linked list
cqe
strides
mlx5_wq_ll_pop
unlinking fix

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

16.3%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink

When all the strides in a WQE have been consumed, the WQE is unlinked
from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible
to receive CQEs with 0 consumed strides for the same WQE even after the
WQE is fully consumed and unlinked. This triggers an additional unlink
for the same wqe which corrupts the linked list.

Fix this scenario by accepting 0 sized consumed strides without
unlinking the WQE again.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.1.06.1.105
OR
linuxlinux_kernelRange6.2.06.6.46
OR
linuxlinux_kernelRange6.7.06.10.5
OR
linuxlinux_kernelRange6.11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "7b379353e914",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "650e24748e1e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "50d8009a0ac0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "fba8334721e2",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c"
    ],
    "versions": [
      {
        "version": "6.1.105",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.46",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.5",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
osv 1
cvelist 1
ubuntucve 1
vulnrichment 1
debiancve 1
redhatcve 1
nvd
nvd
CVE-2024-44970
2024-09-04 19:15:31
osv
osv
CVE-2024-44970
2024-09-04 19:15:31
cvelist
cvelist
CVE-2024-44970 net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
2024-09-04 18:56:46
ubuntucve
ubuntucve
CVE-2024-44970
2024-09-05 00:00:00
vulnrichment
vulnrichment
CVE-2024-44970 net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
2024-09-04 18:56:46
debiancve
debiancve
CVE-2024-44970
2024-09-04 19:15:31
redhatcve
redhatcve
CVE-2024-44970
2024-09-04 20:20:24

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

16.3%

JSON
Related for CVE-2024-44970
nvd1osv1cvelist1ubuntucve1vulnrichment1debiancve1redhatcve1