CVE-2024-38608: net/mlx5e: Fix netif state handling
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix netif state handling
mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED. In the below case, the above leads to NULL-ptr Oops[1] and memory leaks:

mlx5e_probe
 mlx5e_resume
  mlx5e_attach_netdev
   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()
  register_netdev <-- failed for some reason.
ERROR_FLOW:
 mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(

Hence, clean resources in this case as well.
[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP
CPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffff888178aaf758 EFLAGS: 00010246
Call Trace:
 ? die+0x20/0x60
 ? page_fault_oops+0x14c/0x3c0
 ? exc_page_fault+0x75/0x140
 ? asm_exc_page_fault+0x22/0x30
 notifier_call_chain+0x35/0xb0
 blocking_notifier_call_chain+0x3d/0x60
 mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
 mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]
 mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]
 mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]
 mlx5_ib_add+0x34/0xd0 [mlx5_ib]
 mlx5r_probe+0xe1/0x210 [mlx5_ib]
 ? auxiliary_match_id+0x6a/0x90
 auxiliary_bus_probe+0x38/0x80
 ? driver_sysfs_add+0x51/0x80
 really_probe+0xc9/0x3e0
 ? driver_probe_device+0x90/0x90
 driver_probe_device+0x80/0x160
 driver_probe_device+0x1e/0x90
 device_attach_driver+0x7d/0x100
 bus_for_each_drv+0x80/0xd0
 device_attach+0xbc/0x1f0
 bus_probe_device+0x86/0xa0
 device_add+0x637/0x840
 auxiliary_device_add+0x3b/0xa0
 add_adev+0xc9/0x140 [mlx5_core]
 mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]
 mlx5_register_device+0x53/0xa0 [mlx5_core]
 mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]
 mlx5_init_one+0x3b/0x60 [mlx5_core]
 probe_one+0x44c/0x730 [mlx5_core]
 local_pci_probe+0x3e/0x90
 pci_device_probe+0xbf/0x210
 ? kernfs_create_link+0x5d/0xa0
 ? sysfs_do_create_link_sd+0x60/0xc0
 really_probe+0xc9/0x3e0
 ? driver_probe_device+0x90/0x90
 driver_probe_device+0x80/0x160
 driver_probe_device+0x1e/0x90
 device_attach_driver+0x7d/0x100
 bus_for_each_drv+0x80/0xd0
 device_attach+0xbc/0x1f0
 pci_bus_add_device+0x54/0x80
 pci_iov_add_virtfn+0x2e6/0x320
 sriov_enable+0x208/0x420
 mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]
 sriov_numvfs_store+0xae/0x1a0
 kernfs_fop_write_iter+0x10c/0x1a0
 vfs_write+0x291/0x3c0
 ksys_write+0x5f/0xe0
 do_syscall_64+0x3d/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
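The asymmetry described above, as an added example that is not the mlx5e driver's code or the upstream patch: a simplified user-space C model in which resume marks the device present only when it is registered, while suspend frees resources only when it is present. The struct, the function names and the pre_reg parameter are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical. */
struct model_dev {
    bool registered; /* stands in for reg_state == NETREG_REGISTERED */
    bool present;    /* stands in for netif_device_present() */
    int resources;   /* resources held while the device is attached */
};

/* Resume always allocates, but marks the device present only if registered. */
static void model_resume(struct model_dev *d)
{
    d->resources++;
    if (d->registered)
        d->present = true;
}

/* Suspend: before the fix the presence check always applies (pre_reg is
 * false); the assumed fix lets the probe error flow pass pre_reg = true. */
static void model_suspend(struct model_dev *d, bool pre_reg)
{
    if (!pre_reg && !d->present)
        return; /* unfixed error flow lands here and frees nothing */
    d->present = false;
    d->resources--;
}

/* Probe in which registration fails; returns resources still held. */
static int model_probe_reg_fails(bool fixed)
{
    struct model_dev d = { false, false, 0 };

    model_resume(&d);         /* allocates, device is not marked present */
    model_suspend(&d, fixed); /* registration failed: error flow suspends */
    return d.resources;
}

int main(void)
{
    printf("held before=%d after=%d\n", model_probe_reg_fails(false), model_probe_reg_fails(true));
    return 0;
}
```

A non-zero count after the error flow corresponds to the leaked resources in the description; in the driver, state left behind this way is what the NULL-pointer Oops in [1] later trips over.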
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix netif state handling
The Linux kernel CVE team has assigned CVE-2024-38608 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-38608?
CVE-2024-38608 is classified as a moderate severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-38608?
To fix CVE-2024-38608, update the Linux kernel to version 6.9.3 or 6.10 or later.
What versions of the Linux kernel are affected by CVE-2024-38608?
CVE-2024-38608 affects Linux kernel versions from 4.12 up to, but not including, 6.9.3.
Is my system vulnerable to CVE-2024-38608?
You may be vulnerable to CVE-2024-38608 if you are running a Linux kernel version within the affected range.
What does CVE-2024-38608 impact?
CVE-2024-38608 impacts the netif state handling in the Linux kernel's mlx5e driver.