Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-57795— RDMA/rxe: Remove the direct link to net_device

EPSS 0.01% · P2

Affected Version Matrix 8

VendorProductVersion RangeStatus
LinuxLinux8700e3e7c4857d28ebaa824509934556da0b3e76< 32ca3557d968e662957131374a5f81c9c9cdbba8affected
8700e3e7c4857d28ebaa824509934556da0b3e76< 9f6f54e6a6863131442b40e14d1792b090c7ce21affected
8700e3e7c4857d28ebaa824509934556da0b3e76< 2ac5415022d16d63d912a39a06f32f1f51140261affected
4.8affected
< 4.8unaffected
6.6.120≤ 6.6.*unaffected
6.12.9≤ 6.12.*unaffected
6.13≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-57795

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RDMA/rxe: Remove the direct link to net_device
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: infiniband ib_cache_event_task Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60 __ib_query_port drivers/infiniband/core/device.c:2111 [inline] ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143 ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494 ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> " 1). In the link [1], " infiniband syz2: set down " This means that on 839.350575, the event ib_cache_event_task was sent andi queued in ib_wq. 2). In the link [1], " team0 (unregistering): Port device team_slave_0 removed " It indicates that before 843.251853, the net device should be freed. 3). In the link [1], " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 " This means that on 850.559070, this slab-use-after-free problem occurred. In all, on 839.350575, the event ib_cache_event_task was sent and queued in ib_wq, before 843.251853, the net device veth was freed. on 850.559070, this event was executed, and the mentioned freed net device was called. Thus, the above call trace occurred. [1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于与net_device直接链接。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 8700e3e7c4857d28ebaa824509934556da0b3e76 ~ 32ca3557d968e662957131374a5f81c9c9cdbba8 -
LinuxLinux 4.8 -

II. Public POCs for CVE-2024-57795

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-57795

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-01-15 · 32 CVEs total

CVE-2024-57898wifi: cfg80211: clear link ID from bitmap during link delete after clean up
CVE-2024-57857RDMA/siw: Remove direct link to net_device
CVE-2024-57844drm/xe: Fix fault on fd close after unbind
CVE-2024-57841net: fix memory leak in tcp_conn_request()
CVE-2024-57802netrom: check buffer length before accessing it
CVE-2024-57801net/mlx5e: Skip restore TC rules for vport rep without loaded flag
CVE-2024-54031netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
CVE-2024-53681nvmet: Don't overflow subsysnqn
CVE-2024-39282net: wwan: t7xx: Fix FSM command timeout issue
CVE-2024-36476RDMA/rtrs: Ensure 'ib_sge list' is accessible
CVE-2025-21629net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
CVE-2024-57903net: restrict SO_REUSEPORT to inet sockets
CVE-2024-57901af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
CVE-2024-57902af_packet: fix vlan_get_tci() vs MSG_PEEK
CVE-2024-57900ila: serialize calls to nf_register_net_hooks()
CVE-2024-57899wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
CVE-2024-57882mptcp: fix TCP options overflow.
CVE-2024-57897drm/amdkfd: Correct the migration DMA map direction
CVE-2024-57896btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
CVE-2024-57895ksmbd: set ATTR_CTIME flags when setting mtime

Showing top 20 of 32 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-57795

No comments yet

Leave a comment