CVE-2024-38555 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Call Trace: <IRQ> ? __warn+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0 ? report_bug+0x17c/0x190 ? handle_bug+0x3c/0x60 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 atomic_notifier_call_chain+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35/0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0xa0 common_interrupt+0x7b/0xa0 </IRQ> <TASK> asm_common_interrupt+0x22/0x40

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.115.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:5065	2024-08-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.115.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:5065	2024-08-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.115.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:5065	2024-08-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.67.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:5255	2024-08-13T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.79.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5364	2024-08-14T00:00:00Z
kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:5365	2024-08-14T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.47.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2024:10771	2024-12-04T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb
https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7
https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0
https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a
https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396
https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40
https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3
https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38555-aefb@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38555
https://www.cve.org/CVERecord?id=CVE-2024-38555

History

Wed, 04 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 27 Aug 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv

Tue, 13 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/o:redhat:rhel_eus:8.8
Vendors & Products		Redhat rhel Eus

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

Wed, 07 Aug 2024 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.6
Vendors & Products		Redhat Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:26.059Z

Updated: 2025-05-04T12:56:44.500Z

Reserved: 2024-06-18T19:36:34.920Z

Link: CVE-2024-38555

Vulnrichment

Updated: 2024-08-02T04:12:25.241Z

NVD

Status : Modified

Published: 2024-06-19T14:15:15.720

Modified: 2024-11-21T09:26:20.137

Link: CVE-2024-38555

Redhat

Severity : Moderate

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38555 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38555", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.920Z", "datePublished": "2024-06-19T13:35:26.059Z", "dateUpdated": "2025-05-04T12:56:44.500Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:44.500Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "versions": [{"version": "27c79b3a9212cf4ba634c157e07d29548181a208", "lessThan": "f6fbb8535e990f844371086ab2c1221f71f993d3", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "3cb92b0ad73d3f1734e812054e698d655e9581b0", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "1d5dce5e92a70274de67a59e1e674c3267f94cd7", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "7ac4c69c34240c6de820492c0a28a0bd1494265a", "status": "affected", "versionType": "git"}, {"version": "51d138c2610a236c1ed0059d034ee4c74f452b86", "lessThan": "db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "status": "affected", "versionType": "git"}, {"version": "2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.20", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"}, {"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"}, {"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"}, {"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"}, {"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"}, {"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"}, {"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"}], "title": "net/mlx5: Discard command completions in internal error", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.241Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38555", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:41.121534Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:56.983Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.241Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38555", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:41.121534Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:27.084Z"}}], "cna": {"title": "net/mlx5: Discard command completions in internal error", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "27c79b3a9212", "lessThan": "f6fbb8535e99", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "3cb92b0ad73d", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "bf8aaf0ae01c", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "1337ec94bc5a", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "1d5dce5e92a7", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "7ac4c69c3424", "versionType": "git"}, {"status": "affected", "version": "51d138c2610a", "lessThan": "db9b31aa9bc5", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.12"}, {"status": "unaffected", "version": "0", "lessThan": "5.12", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"}, {"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"}, {"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"}, {"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"}, {"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"}, {"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"}, {"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:29:47.809Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38555", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:29:47.809Z", "dateReserved": "2024-06-18T19:36:34.920Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:35:26.059Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12848580-6A3F-4069-9B0A-78AAA5E79BE7", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.10.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5A5A54E-7208-43CC-811F-57A4B7A4488D", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: descartar la finalizaci\u00f3n de comandos en caso de error interno. Se corrige el use-after-free cuando llega la finalizaci\u00f3n del FW mientras el dispositivo est\u00e1 en estado de error interno. Evite llamar al controlador de finalizaci\u00f3n en este caso, ya que el dispositivo limpiar\u00e1 la interfaz de comando y activar\u00e1 todas las finalizaciones manualmente. Registro del kernel: ------------[ cortar aqu\u00ed ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Seguimiento de llamadas: ? __advertir+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0? report_bug+0x17c/0x190? handle_bug+0x3c/0x60? exc_invalid_op+0x14/0x70? asm_exc_invalid_op+0x16/0x20? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 cadena+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35 /0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0 xa0 interrupci\u00f3n_com\u00fan+0x7b/0xa0 asm_interrupci\u00f3n_com\u00fan+0x22 /0x40"}], "id": "CVE-2024-38555", "lastModified": "2024-11-21T09:26:20.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-19T14:15:15.720", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5065", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.115.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5065", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.115.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5065", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.115.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5255", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.67.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:5364", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.79.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5365", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:10771", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.47.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: net/mlx5: Discard command completions in internal error", "id": "2293444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293444"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Discard command completions in internal error\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40", "A use-after-free vulnerability has been discovered in the Linux kernel within the drivers/net/ethernet/mellanox/mlx5/core/cmd.c component, specifically related to the Mellanox network driver. This flaw can lead to compromised system availability. Successful exploitation could result in unpredictable behavior and denial-of-service conditions."], "name": "CVE-2024-38555", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38555\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38555\nhttps://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38555-aefb@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and downgrades the severity of this CVE from Moderate to Low.\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object