The Linux kernel developers have recently resolved a vulnerability in the mlxsw: spectrum_acl_tcam module. The vulnerability, tracked as CVE-2024-26595, is a NULL pointer dereference in an error path. This post explains the vulnerability, the associated code changes, and the impact of the fix.

Vulnerability Details

The vulnerability resulted from a bug in the 'mlxsw_sp_acl_tcam_region_destroy()' function. The function would be called from an error path after failing to attach the region to an ACL group, resulting in a NULL pointer dereference upon 'region->group->tcam' [1]. The problematic code snippet is provided below:

static void mlxsw_sp_acl_tcam_region_destroy(struct mlxsw_sp *mlxsw_sp,
                                             struct mlxsw_sp_acl_tcam_region...
{
    // [...]
    mutex_lock(&group->mutex);
    list_del(&region->group_list);
    mutex_unlock(&group->mutex);

    mlxsw_sp_acl_tcam_group_cnt_dec(&group->tcam->shared_regions_group,
                                    &region->shared_entries);
    // [...]
}

To fix this issue, the developers altered the code to retrieve the 'tcam' pointer using the 'mlxsw_sp_acl_to_tcam()' function. The modified code snippet is provided below:

static void mlxsw_sp_acl_tcam_region_destroy(struct mlxsw_sp *mlxsw_sp,
                                             struct mlxsw_sp_acl_tcam_region...{
    // [...]
 +   if (region->group) {
 +       mutex_lock(&region->group->mutex);
 +       list_del(&region->group_list);
 +       mutex_unlock(&region->group->mutex);
 +   }

 +   if (group) {
 +       mlxsw_sp_acl_tcam_group_cnt_dec(&group->tcam->shared_regions_group,
 +                                       &region->shared_entries);
 +   }
 // [...]}
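
Review bot: the added lines do not match the description given just before the snippet. The text says the fix retrieves the 'tcam' pointer with 'mlxsw_sp_acl_to_tcam()', but no added line calls that function, and the second added block still reaches the pointer through group->tcam. The two guards are also inconsistent: the first tests region->group while the second tests a bare 'group' that is not defined in the visible lines, so either use the same expression in both or show the declaration. No removed lines are shown, so it is also unclear whether the unguarded mutex_lock/list_del sequence from the earlier snippet is gone; the snippet should show it as removed.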

You can find the original patch implementing the fix here: Linux kernel source repository

Impact of the Fix

The modifications made to the code will ensure that the NULL pointer dereference resulting from a failed attempt to attach the region to an ACL group is avoided. This, in turn, will prevent potential system crashes and improve the overall stability and security of the Linux kernel.
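
The error-path pattern described above, as an added user-space example that is not the driver's code: all struct and function names here are hypothetical simplifications, and the `fail` flag is a constructed way to force the attach step to fail.

```c
#include <stdlib.h>

/* Constructed model; names are hypothetical, not the mlxsw definitions. */
struct tcam   { int ids_in_use; };
struct group  { struct tcam *tcam; int region_count; };
struct device { struct tcam tcam; };
struct region { struct group *group; int id; };

/* Attach step: region->group is set only on success. */
static int region_attach(struct region *r, struct group *g, int fail)
{
    if (fail)
        return -1;              /* r->group stays NULL */
    r->group = g;
    g->region_count++;
    return 0;
}

/* Destroy takes the tcam from the owning device, which is valid on every
 * path. Reaching it as r->group->tcam instead would dereference NULL when
 * destroy runs after a failed attach. */
static void region_destroy(struct device *dev, struct region *r)
{
    struct tcam *tcam = &dev->tcam;

    if (r->group)               /* detach only if attach had succeeded */
        r->group->region_count--;
    tcam->ids_in_use--;         /* release the region id */
    free(r);
}

static struct region *region_create(struct device *dev, struct group *g, int fail)
{
    struct region *r = calloc(1, sizeof(*r));

    if (!r)
        return NULL;
    r->id = dev->tcam.ids_in_use++;
    if (region_attach(r, g, fail)) {
        region_destroy(dev, r); /* error path: r->group is still NULL */
        return NULL;
    }
    return r;
}

/* Returns resources still held after one create attempt (0 = clean unwind). */
static int ids_left(int fail)
{
    struct device dev = { { 0 } };
    struct group g = { &dev.tcam, 0 };
    struct region *r = region_create(&dev, &g, fail);

    if (r)
        region_destroy(&dev, r);
    return dev.tcam.ids_in_use + g.region_count;
}

int main(void) { return ids_left(1) | ids_left(0); }
```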

Conclusion

The Linux kernel developers have effectively and efficiently addressed the vulnerability (CVE-2024-26595) in the mlxsw: spectrum_acl_tcam module. By implementing the fix, the kernel will avoid potential NULL pointer dereferences, leading to improved system stability and security. All users running affected systems are recommended to update their kernel to benefit from the fix.

Timeline

Published on: 02/23/2024 15:15:09 UTC
Last modified on: 04/17/2024 19:55:31 UTC