SB2024082132 - Resource management error in Linux kernel Mellanox mlxsw driver
Published: August 21, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2024-43880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, and within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb
- https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb
- https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e
- https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624
- https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037
- https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578
- https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.103
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.44