CVE-2024-26586

一、漏洞信息
漏洞编号：CVE-2024-26586
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
CVSS V2.0分值：
BaseScore：0.0 Low
Vector：CVSS：2.0/
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix stack corruptionWhen tc filters are first added to a net device, the corresponding localport gets bound to an ACL group in the device. The group contains a listof ACLs. In turn, each ACL points to a different TCAM region where thefilters are stored. During forwarding, the ACLs are sequentiallyevaluated until a match is found.One reason to place filters in different regions is when they are addedwith decreasing priorities and in an alternating order so that twoconsecutive filters can never fit in the same region because of theirkey usage.In Spectrum-2 and newer ASICs the firmware started to report that themaximum number of ACLs in a group is more than 16, but the layout of theregister that configures ACL groups (PAGT) was not updated to accountfor that. It is therefore possible to hit stack corruption [1] in therare case where more than 16 ACLs in a group are required.Fix by limiting the maximum ACL group size to the minimum between whatthe firmware reports and the maximum ACLs that fit in the PAGT register.Add a test case to make sure the machine does not crash when thiscondition is hit.[1]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120[...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b
漏洞公开时间：2024-02-23 01:15:08
漏洞创建时间：2024-02-23 01:55:04
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-26586

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26586	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-26586	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182	https://bugzilla.suse.com/show_bug.cgi?id=1220243
suse_bugzilla	https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383	https://bugzilla.suse.com/show_bug.cgi?id=1220243
cve_search		https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182
cve_search		https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15
cve_search		https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62
cve_search		https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383
cve_search		https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
cve_search		https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
linux_kernel	5.10.209	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=56750ea5d15426b5f307554e7699e8b5f76c3182	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c3ab435466d5	linuxkernelcves
linux_kernel	5.15.148	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=348112522a35527c5bcba933b9fefb40a4f44f15	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c3ab435466d5	linuxkernelcves
linux_kernel	6.1.79	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=6fd24675188d354b1cad47462969afa2ab09d819	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c3ab435466d5	linuxkernelcves
linux_kernel	6.6.14	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2f5e1565740490706332c06f36211d4ce0f88e62	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c3ab435466d5	linuxkernelcves
linux_kernel	6.7.2	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=a361c2c1da5dbb13ca67601cf961ab3ad68af383	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c3ab435466d5	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):

修复是否涉及abi变化(是/否)：
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

@YangYingliang ,@成坚 (CHENG Jian) ,@jiaoff ,@AlexGuo ,@hanjun-guo ,@woqidaideshi ,@Jackie Liu ,@Zhang Yi ,@colyli ,@ThunderTown ,@htforge ,@Chiqijun ,@冷嘲啊 ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@Kefeng ,@SuperSix173 ,@WangShaoBo ,@Zheng Zucheng
issue处理注意事项:
1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;
2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;
3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.

影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响):
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):

修复是否涉及abi变化(是/否)：
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):

issue处理具体操作请参考:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2024-26586	None	None	https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15 https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383 https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182 https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62 https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
https://ubuntu.com/security/CVE-2024-26586	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2024-26586	None	None	https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15 https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383 https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182 https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62 https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26586
https://security-tracker.debian.org/tracker/CVE-2024-26586

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

@ci-robot 请确认分支: master,openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-Next,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2,openEuler-22.03-LTS-SP3 受影响/不受影响.
请确认分支信息是否填写完整,否则将无法关闭当前issue.

@hongrongxuan 请确认分支: master,openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-Next,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2,openEuler-22.03-LTS-SP3 受影响/不受影响.
请确认分支信息是否填写完整,否则将无法关闭当前issue.

src-openEuler / kernel

内容风险标识

评论 (6)

src-openEuler / kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-26586

评论 (6)

搜索帮助

src-openEuler / kernel