A significant vulnerability in the Linux kernel has recently been identified and resolved. Tracked as CVE-2024-27046, it affects the nfp_fl_lag_do_work() function in the nfp: flower module, where an allocation failure can lead to a null pointer dereference. This article covers the details of the vulnerability, including code snippets that illustrate the issue, links to the original references, and the exploit details.
Exploit Details
The vulnerability resides in the nfp_fl_lag_do_work() function in the nfp: flower module of the Linux kernel. The function attempts to allocate memory for acti_netdevs using kmalloc_array(), but if the system runs out of memory, kmalloc_array() returns a null pointer. Using acti_netdevs without checking it then dereferences that null pointer, which can cause a kernel panic or crash.
A patch has been developed that addresses the issue by adding a check for allocation failure. If the allocation fails, the function reschedules the delayed work so that it can try again later.
Old Code
static void nfp_fl_lag_do_work(struct work_struct *work)
{
    /* ... (other code) ... */
    acti_netdevs = kmalloc_array(num_acti_netdevs, sizeof(*acti_netdevs), GFP_KERNEL);
    /* ... (other code) ... */
}
New Code (with patch)
static void nfp_fl_lag_do_work(struct work_struct *work)
{
    /* ... (other code) ... */
    acti_netdevs = kmalloc_array(num_acti_netdevs, sizeof(*acti_netdevs), GFP_KERNEL);
    if (!acti_netdevs) { /* Check for allocation failure */
        schedule_delayed_work(&lag->lag_wq,
                              msecs_to_jiffies(min_t(unsigned int, RESCHEDULE_DELAY_MS, diff)));
        return;
    }
    /* ... (other code) ... */
}
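The check-and-retry pattern can be exercised in userspace with injected allocation failures. The following is an added example, not code from the kernel or the patch; model_alloc_array(), model_lag_do_work(), run_until_done() and the two counters are hypothetical stand-ins for kmalloc_array(), the work function and the delayed-work retry.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model (constructed); the names below are hypothetical, not kernel APIs. */
static int fail_next_allocs;  /* fault injection: fail this many allocations */
static int reschedule_count;  /* how often the work item was re-queued */

static void *model_alloc_array(size_t n, size_t size)
{
    if (fail_next_allocs > 0) { fail_next_allocs--; return NULL; }
    if (size && n > SIZE_MAX / size) return NULL;  /* n * size would overflow */
    return malloc(n * size);
}

/* Returns the number of active ports collected, or -1 if the work was deferred. */
static int model_lag_do_work(const int *ports, size_t num_ports)
{
    const int **acti = model_alloc_array(num_ports, sizeof(*acti));
    int active = 0;
    if (!acti) {             /* the check the patch adds */
        reschedule_count++;  /* stands in for schedule_delayed_work() */
        return -1;           /* retry later instead of writing through NULL */
    }
    for (size_t i = 0; i < num_ports; i++)
        if (ports[i])
            acti[active++] = &ports[i];  /* this store faults if acti is NULL */
    free(acti);
    return active;
}

/* Re-run the work item as a delayed-work retry would; returns attempts used or -1. */
static int run_until_done(const int *ports, size_t n, int max_attempts, int *result)
{
    for (int attempt = 1; attempt <= max_attempts; attempt++) {
        *result = model_lag_do_work(ports, n);
        if (*result >= 0) return attempt;
    }
    return -1;
}

int main(void)
{
    const int ports[] = {1, 0, 1, 1};  /* constructed sample: 1 = active port */
    int result = -1;
    fail_next_allocs = 2;              /* first two allocations fail */
    int attempts = run_until_done(ports, 4, 5, &result);
    printf("attempts=%d active=%d rescheduled=%d\n", attempts, result, reschedule_count);
    return 0;
}
```

Removing the `if (!acti)` block and rerunning with fail_next_allocs set reproduces the crash in userspace as a segmentation fault, which is the behaviour the unpatched code has on allocation failure.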
Original References
The vulnerability and the patch details have been discussed and addressed by the Linux kernel community in the official mailing list. The links to the original references are provided below:
* Linux kernel mailing list - PATCH
* Linux kernel mailing list - APPLY
Conclusion
In conclusion, CVE-2024-27046 is a vulnerability in the Linux kernel that results from an allocation failure in the nfp: flower module. The patch that addresses it adds a check for the failure and reschedules the delayed work when it occurs. Users are advised to apply the patch and keep their systems updated to prevent potential kernel crashes or panics due to this vulnerability.
Timeline
Published on: 05/01/2024 13:15:49 UTC
Last modified on: 12/23/2024 18:19:19 UTC