CVE-2024-26907: RDMA/mlx5: Fix fortify source warning while accessing Eth segment
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Call Trace:
<TASK>
? show_regs+0x72/0x90
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? __warn+0x8d/0x160
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? report_bug+0x1bb/0x1d0
? handle_bug+0x46/0x90
? exc_invalid_op+0x19/0x80
? asm_exc_invalid_op+0x1b/0x20
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]
ipoib_send+0x2ec/0x770 [ib_ipoib]
ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]
dev_hard_start_xmit+0x8e/0x1e0
? validate_xmit_skb_list+0x4d/0x80
sch_direct_xmit+0x116/0x3a0
__dev_xmit_skb+0x1fd/0x580
__dev_queue_xmit+0x284/0x6b0
? _raw_spin_unlock_irq+0xe/0x50
? __flush_work.isra.0+0x20d/0x370
? push_pseudo_header+0x17/0x40 [ib_ipoib]
neigh_connected_output+0xcd/0x110
ip_finish_output2+0x179/0x480
? __smp_call_single_queue+0x61/0xa0
__ip_finish_output+0xc3/0x190
ip_finish_output+0x2e/0xf0
ip_output+0x78/0x110
? __pfx_ip_finish_output+0x10/0x10
ip_local_out+0x64/0x70
__ip_queue_xmit+0x18a/0x460
ip_queue_xmit+0x15/0x30
__tcp_transmit_skb+0x914/0x9c0
tcp_write_xmit+0x334/0x8d0
tcp_push_one+0x3c/0x60
tcp_sendmsg_locked+0x2e1/0xac0
tcp_sendmsg+0x2d/0x50
inet_sendmsg+0x43/0x90
sock_sendmsg+0x68/0x80
sock_write_iter+0x93/0x100
vfs_write+0x326/0x3c0
ksys_write+0xbd/0xf0
? do_syscall_64+0x69/0x90
__x64_sys_write+0x19/0x30
do_syscall ---truncated---
Other sources
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
The Linux kernel CVE team has assigned CVE-2024-26907 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041746-CVE-2024-26907-a02d@gregkh/T
— Red Hat
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error related to fortifying source warning while accessing Eth segment. An attacker could exploit this vulnerability to gain elevated privileges on the system.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-26907?
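This page does not give a numeric severity score for CVE-2024-26907. IBM's description characterizes it as an issue that could allow a local authenticated attacker to gain elevated privileges on systems running affected Linux kernel versions.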
How do I fix CVE-2024-26907?
To fix CVE-2024-26907, update your Linux kernel to version 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, or 6.8, or apply the relevant patches.
What versions of the Linux kernel are affected by CVE-2024-26907?
CVE-2024-26907 affects specific versions of the Linux kernel, including versions prior to 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, and 6.8.
Is CVE-2024-26907 specific to any Linux distributions?
Yes, CVE-2024-26907 primarily affects Linux distributions that utilize the specified kernel versions, such as those based on Red Hat and Debian.
What is the impact of CVE-2024-26907 on system security?
CVE-2024-26907 could lead to security issues that may affect system stability and data integrity.