A new vulnerability, designated as CVE-2024-53120, has been discovered and patched in the Linux kernel. This vulnerability affects the net/mlx5e CT (connection tracking) module, specifically leading to a NULL pointer dereference in the add rule error flow. In this post, we will delve into the details of this vulnerability, including a code snippet analysis, original references, and exploit details.
Code Snippet Analysis
The problem occurs in the mlx5_tc_ct_entry_add_rule() function when the ct_rule_add() callback returns an error. In that error flow, zone_rule->attr has not yet been assigned (it is only set once the callback succeeds), so the cleanup code dereferences a NULL pointer. The fix replaces the not-yet-assigned zone_rule->attr in the error path with the local attribute pointer attr, which already holds the valid value.
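To make the error-flow bug concrete, here is an added user-space model, constructed for this post and not the kernel's mlx5 code. entry_add_rule_before() mirrors the pre-fix shape, where the cleanup reads a zone_rule->attr that is only assigned after the callback succeeds, and entry_add_rule_after() mirrors the fix by using the local attr instead. The struct names, ct_rule_add(), release_counter() and the counter value are stand-ins chosen for the example; crashes_with() forks a child so the crash is reported as a signal number instead of taking down the caller.

```c
/* Constructed user-space model of the CVE-2024-53120 error flow.
 * Not the kernel's code: the names below are simplified stand-ins for
 * mlx5_tc_ct_entry_add_rule() and its ct_rule_add() callback. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

struct ct_attr {
    int counter_id;         /* stand-in for a resource owned by the rule */
};

struct zone_rule {
    struct ct_attr *attr;   /* published only after the rule is committed */
    int rule_handle;
};

/* Sink for release_counter(); volatile so the read of counter_id is kept. */
static volatile int last_released = -1;

static void release_counter(int counter_id)
{
    last_released = counter_id;
}

/* Stand-in for the driver callback that programs the rule; fails on demand. */
static int ct_rule_add(int fail, int *handle)
{
    if (fail)
        return -ENOMEM;
    *handle = 1;
    return 0;
}

/* Pre-fix shape: the error flow cleans up through zr->attr, which is
 * still NULL because it is only assigned once ct_rule_add() succeeds. */
static int entry_add_rule_before(struct zone_rule *zr, int fail)
{
    struct ct_attr *attr = calloc(1, sizeof(*attr));
    int err;

    if (!attr)
        return -ENOMEM;
    attr->counter_id = 5;

    err = ct_rule_add(fail, &zr->rule_handle);
    if (err) {
        release_counter(zr->attr->counter_id);   /* NULL dereference */
        free(attr);
        return err;
    }
    zr->attr = attr;
    return 0;
}

/* Post-fix shape: the error flow uses the local attr it actually owns. */
static int entry_add_rule_after(struct zone_rule *zr, int fail)
{
    struct ct_attr *attr = calloc(1, sizeof(*attr));
    int err;

    if (!attr)
        return -ENOMEM;
    attr->counter_id = 5;

    err = ct_rule_add(fail, &zr->rule_handle);
    if (err) {
        release_counter(attr->counter_id);       /* valid pointer */
        free(attr);
        return err;
    }
    zr->attr = attr;
    return 0;
}

/* Runs fn on a fresh zone_rule in a forked child so a crash is observed
 * instead of killing the caller. Returns the terminating signal number if
 * the child crashed, 0 if fn returned (with any error code), -1 on failure. */
static int crashes_with(int (*fn)(struct zone_rule *, int), int fail)
{
    struct zone_rule zr = { 0 };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        fn(&zr, fail);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("before fix, callback fails:    signal %d (11 = SIGSEGV)\n",
           crashes_with(entry_add_rule_before, 1));
    printf("after fix,  callback fails:    signal %d\n",
           crashes_with(entry_add_rule_after, 1));
    printf("after fix,  callback succeeds: signal %d\n",
           crashes_with(entry_add_rule_after, 0));
    return 0;
}
```

Build with cc -O2 -Wall and run it: only the pre-fix path with a failing callback terminates the child with SIGSEGV. The kernel oops above reports a small non-zero address rather than 0 because the dereferenced field sits at an offset inside the attribute struct; the model reads the field at offset 0, so the child faults on address 0 instead.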
Kernel Log
BUG: kernel NULL pointer dereference, address: 0000000000000110
RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]
…
Call Trace:
<TASK>
? __die+0x20/0x70
? page_fault_oops+0x150/0x3e0
? exc_page_fault+0x74/0x140
? asm_exc_page_fault+0x22/0x30
? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]
? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]
mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]
? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]
nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]
flow_offload_work_handler+0x142/0x320 [nf_flow_table]
? finish_task_switch.isra.0+0x15b/0x2b0
process_one_work+0x16c/0x320
worker_thread+0x28c/0x3a0
? __pfx_worker_thread+0x10/0x10
kthread+0xb8/0xf0
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2d/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
Original References
1. Linux kernel commit fixing the issue: net: mlx5e: CT: Fix null-ptr-deref in add rule err flow
2. Official CVE Record: CVE-2024-53120
Exploit Details
A NULL pointer dereference in kernel context crashes the kernel, so the practical impact of this bug is a denial of service (DoS) rather than code execution. The call trace shows the dereference being reached from the nf_flow_table offload worker, which means the crash can be hit during ordinary connection-tracking hardware offload whenever the rule-add callback fails. At this time, there are no known public exploits specifically targeting this vulnerability; keeping systems updated with the latest security patches is the mitigation.
Conclusion
CVE-2024-53120 highlights the importance of properly handling error flows and memory allocations in kernel-level programming. The Linux kernel developers have successfully addressed this problem in the recent patches. Be sure to update your systems to stay protected against any potential threats that could arise from this vulnerability.
Timeline
Published on: 12/02/2024 14:15:12 UTC
Last modified on: 12/19/2024 09:39:38 UTC