nfp:flower:处理 acti_netdevs 分配失败(CVE-2024-27046)

CVE编号

CVE-2024-27046

利用情况

暂无

补丁情况

N/A

披露时间

2024-05-01
漏洞描述
In the Linux kernel, the following vulnerability has been resolved:

nfp: flower: handle acti_netdevs allocation failure

The kmalloc_array() in nfp_fl_lag_do_work() will return null, if
the physical memory has run out. As a result, if we dereference
the acti_netdevs, the null pointer dereference bugs will happen.

This patch adds a check to judge whether allocation failure occurs.
If it happens, the delayed work will be rescheduled and try again.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5
https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d
https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642
https://git.kernel.org/stable/c/84e95149bd341705f0eca6a7fcb955c548805002
https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f
https://git.kernel.org/stable/c/9d8eb1238377cd994829f9162ae396a84ae037b2
https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181cf88099d
https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3
https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 debian_12 linux * Up to
(excluding)
6.1.85-1
CVSS3评分
N/A
  • 攻击路径
    N/A
  • 攻击复杂度
    N/A
  • 权限要求
    N/A
  • 影响范围
    N/A
  • 用户交互
    N/A
  • 可用性
    N/A
  • 保密性
    N/A
  • 完整性
    N/A
N/A
CWE-ID 漏洞类型
阿里云安全产品覆盖情况