Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38557", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.921Z", "datePublished": "2024-06-19T13:35:27.426Z", "dateUpdated": "2025-05-04T09:14:03.057Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:14:03.057Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Reload only IB representors upon lag disable/enable\n\nOn lag disable, the bond IB device along with all of its\nrepresentors are destroyed, and then the slaves' representors get reloaded.\n\nIn case the slave IB representor load fails, the eswitch error flow\nunloads all representors, including ethernet representors, where the\nnetdevs get detached and removed from lag bond. Such flow is inaccurate\nas the lag driver is not responsible for loading/unloading ethernet\nrepresentors. Furthermore, the flow described above begins by holding\nlag lock to prevent bond changes during disable flow. However, when\nreaching the ethernet representors detachment from lag, the lag lock is\nrequired again, triggering the following deadlock:\n\nCall trace:\n__switch_to+0xf4/0x148\n__schedule+0x2c8/0x7d0\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x28\n__mutex_lock.isra.13+0x2b8/0x570\n__mutex_lock_slowpath+0x1c/0x28\nmutex_lock+0x4c/0x68\nmlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]\nmlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]\nmlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]\nmlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]\nmlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]\nmlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]\nmlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]\nmlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]\nmlx5_disable_lag+0x130/0x138 [mlx5_core]\nmlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev->lock\nmlx5_devlink_eswitch_mode_set+0xc0/0x410 [mlx5_core]\ndevlink_nl_cmd_eswitch_set_doit+0xdc/0x180\ngenl_family_rcv_msg_doit.isra.17+0xe8/0x138\ngenl_rcv_msg+0xe4/0x220\nnetlink_rcv_skb+0x44/0x108\ngenl_rcv+0x40/0x58\nnetlink_unicast+0x198/0x268\nnetlink_sendmsg+0x1d4/0x418\nsock_sendmsg+0x54/0x60\n__sys_sendto+0xf4/0x120\n__arm64_sys_sendto+0x30/0x40\nel0_svc_common+0x8c/0x120\ndo_el0_svc+0x30/0xa0\nel0_svc+0x20/0x30\nel0_sync_handler+0x90/0xb8\nel0_sync+0x160/0x180\n\nThus, upon lag enable/disable, load and unload only the IB representors\nof the slaves preventing the deadlock mentioned above.\n\nWhile at it, refactor the mlx5_esw_offloads_rep_load() function to have\na static helper method for its internal logic, in symmetry with the\nrepresentor unload design."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/eswitch.h", "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c", "drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c", "drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c"], "versions": [{"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3", "lessThan": "e93fc8d959e56092e2eca1e5511c2d2f0ad6807a", "status": "affected", "versionType": "git"}, {"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3", "lessThan": "f03c714a0fdd1f93101a929d0e727c28a66383fc", "status": "affected", "versionType": "git"}, {"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3", "lessThan": "0f320f28f54b1b269a755be2e3fb3695e0b80b07", "status": "affected", "versionType": "git"}, {"version": "598fe77df855feeeca9dfda2ffe622ac7724e5c3", "lessThan": "0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/eswitch.h", "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c", "drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c", "drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a"}, {"url": "https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc"}, {"url": "https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07"}, {"url": "https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4"}], "title": "net/mlx5: Reload only IB representors upon lag disable/enable", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T14:38:10.487920Z", "id": "CVE-2024-38557", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T14:39:10.077Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.994Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4", "tags": ["x_transferred"]}]}]}}