CVE - CVE-2024-36006

CVE-ID
CVE-2024-36006	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530 URL:https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530 MISC:https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a URL:https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a MISC:https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154 URL:https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154 MISC:https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0 URL:https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0 MISC:https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40 URL:https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40 MISC:https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97 URL:https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97 MISC:https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79 URL:https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79 MLIST:[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Assigning CNA
kernel.org
Date Record Created
20240517	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240517)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)