We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-50296

net: hns3: fix kernel crash when uninstalling driver



Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released during the first invoking. Therefore, the problem occurs: [15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... [15278.131557][T50670] Call trace: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80 [15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_disable+0x50/0x11c [15278.166829][T50670] pci_disable_sriov+0x24/0x30 [15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invoke_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 For details, see the following figure. rmmod hclge disable VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() if !num_VFs : if !num_VFs : return; return; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); In this patch, when driver is removing, we get the device_lock() to protect num_VFs, just like sriov_numvfs_store().

Reserved 2024-10-21 | Published 2024-11-19 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

b06ad258e01389ca3ff13bc180f3fcd6a608f1cd before a0df055775f30850c0da8f7dab40d67c0fd63908
affected

c4b64011e458aa2b246cd4e42012cfd83d2d9a5c before 7ae4e56de7dbd0999578246a536cf52a63f4056d
affected

d36b15e3e7b5937cb1f6ac590a85facc3a320642 before 590a4b2d4e0b73586e88bce9b8135b593355ec09
affected

0dd8a25f355b4df2d41c08df1716340854c7d4c5 before e36482b222e00cc7aeeea772fc0cf2943590bc4d
affected

0dd8a25f355b4df2d41c08df1716340854c7d4c5 before 76b155e14d9b182ce83d32ada2d0d7219ea8c8dd
affected

0dd8a25f355b4df2d41c08df1716340854c7d4c5 before 719edd9f3372ce7fb3b157647c6658672946874b
affected

0dd8a25f355b4df2d41c08df1716340854c7d4c5 before b5c94e4d947d15d521e935ff10c5a22a7883dea5
affected

0dd8a25f355b4df2d41c08df1716340854c7d4c5 before df3dff8ab6d79edc942464999d06fbaedf8cdd18
affected

9b5a29f0acefa3eb1dbe2fa302b393eeff64d933
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

4.19.324
unaffected

5.4.286
unaffected

5.10.230
unaffected

5.15.172
unaffected

6.1.117
unaffected

6.6.61
unaffected

6.11.8
unaffected

6.12
unaffected

References

git.kernel.org/...c/a0df055775f30850c0da8f7dab40d67c0fd63908

git.kernel.org/...c/7ae4e56de7dbd0999578246a536cf52a63f4056d

git.kernel.org/...c/590a4b2d4e0b73586e88bce9b8135b593355ec09

git.kernel.org/...c/e36482b222e00cc7aeeea772fc0cf2943590bc4d

git.kernel.org/...c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd

git.kernel.org/...c/719edd9f3372ce7fb3b157647c6658672946874b

git.kernel.org/...c/b5c94e4d947d15d521e935ff10c5a22a7883dea5

git.kernel.org/...c/df3dff8ab6d79edc942464999d06fbaedf8cdd18

cve.org (CVE-2024-50296)

nvd.nist.gov (CVE-2024-50296)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-50296

Support options

Helpdesk Chat, Email, Knowledgebase