CVE-2024-35853
📋 TL;DR
This CVE describes a memory leak in the Linux kernel's mlxsw driver for Mellanox Spectrum switches. The driver's rehash delayed work migrates ACL filters, chunk by chunk, from one TCAM region to another. If a migration fails, the driver migrates the filters back to the old region; in unpatched kernels, if that rollback also fails, the driver swaps regions and starts yet another migration instead of stopping. That extra migration overwrites the pointer to the chunk the interrupted rollback had left behind, so the chunk is never freed. The fix stops the rehash when the rollback fails so the rollback can be retried later. Only systems with Spectrum hardware driven by the mlxsw driver are affected.
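The double failure described above, modelled as a constructed user-space C program. This is an added example, not the mlxsw driver's code: the vchunk/chunk/region names follow the driver's vocabulary, while the fault-injection script, the leak accounting, the pointer-swap details and the number of chunks are assumptions made for the illustration. The unpatched path swaps regions and starts a new migration even when the pass that just failed was already the rollback, so the chunk the rollback had parked in chunk2 is overwritten without being freed; the patched path returns and lets the next pass retry the rollback.

```c
/* Constructed user-space model of the failure path described above: an added example,
 * not the mlxsw driver's code. The names echo the driver's vchunk/chunk/region
 * vocabulary; the allocation, fault injection and leak accounting are invented here. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define NVCHUNKS 4
#define SCRIPT_LEN 4
#define SWAP(a, b) do { void *swap_tmp_ = (a); (a) = (b); (b) = swap_tmp_; } while (0)

struct region { int id; };
struct chunk { struct region *region; };	/* stands in for a per-region TCAM chunk */
struct vchunk { struct chunk *chunk, *chunk2; };	/* current chunk; chunk in the other region while migrating, else NULL */
struct vregion {
	struct region *region, *region2;	/* migration destination; the other region */
	bool this_is_rollback;
	struct vchunk vchunks[NVCHUNKS];
};

static int live_chunks, migrate_all_calls;	/* chunks not yet freed; calls to vchunk_migrate_all so far */
static const int *fail_script;	/* per call: index of the entry move that fails, -1 = none */

static struct chunk *chunk_create(struct region *region)
{
	struct chunk *c = calloc(1, sizeof(*c));
	if (!c) abort();
	c->region = region; live_chunks++;
	return c;
}
static void chunk_destroy(struct chunk *c) { free(c); live_chunks--; }
/* Move one vchunk into vr->region. A failed forward migration swaps the pointers so chunk is
 * the original chunk again and chunk2 the abandoned one; a failed rollback keeps that state. */
static int vchunk_migrate_one(struct vchunk *v, struct vregion *vr, int *moves, int fail_at)
{
	if (v->chunk->region != vr->region) {
		struct chunk *new_chunk = chunk_create(vr->region);
		v->chunk2 = v->chunk;	/* a chunk2 left behind by a failed rollback is lost here */
		v->chunk = new_chunk;
	} else if (!v->chunk2) {
		return 0;		/* already in place, nothing pending */
	}
	if ((*moves)++ == fail_at) {	/* injected failure while moving the entries */
		if (!vr->this_is_rollback)
			SWAP(v->chunk, v->chunk2);
		return -1;
	}
	chunk_destroy(v->chunk2);	/* entries moved: the other region's chunk is no longer needed */
	v->chunk2 = NULL;
	return 0;
}
static int vchunk_migrate_all(struct vregion *vr)
{
	int fail_at = migrate_all_calls < SCRIPT_LEN ? fail_script[migrate_all_calls] : -1;
	int moves = 0;
	migrate_all_calls++;
	for (int i = 0; i < NVCHUNKS; i++)
		if (vchunk_migrate_one(&vr->vchunks[i], vr, &moves, fail_at))
			return -1;
	return 0;
}
static int vregion_migrate(struct vregion *vr, bool fixed)	/* one pass of the rehash work */
{
	int err = vchunk_migrate_all(vr);
	if (!err) return 0;
	if (fixed && vr->this_is_rollback)
		return err;	/* patched: leave the failed rollback for the next pass, never migrate again */
	SWAP(vr->region, vr->region2);	/* unpatched: migrate again, even when this pass was the rollback */
	vr->this_is_rollback = true;
	if (vchunk_migrate_all(vr))
		fprintf(stderr, "rollback failed, retrying on the next pass\n");
	return err;
}
/* Run rehash passes until one completes; return chunks still allocated but referenced by no vchunk. */
static int run_rehash(bool fixed, const int *script)
{
	struct region old_region = { 0 }, new_region = { 1 };
	struct vregion vr = { .region = &new_region, .region2 = &old_region };
	int leaked;
	fail_script = script; migrate_all_calls = live_chunks = 0;
	for (int i = 0; i < NVCHUNKS; i++)
		vr.vchunks[i].chunk = chunk_create(&old_region);
	for (int pass = 0; pass < 8 && vregion_migrate(&vr, fixed); pass++) {}
	leaked = live_chunks;
	for (int i = 0; i < NVCHUNKS; i++) {	/* count, then free, what is still referenced */
		leaked -= (vr.vchunks[i].chunk != NULL) + (vr.vchunks[i].chunk2 != NULL);
		chunk_destroy(vr.vchunks[i].chunk);
		free(vr.vchunks[i].chunk2);
	}
	return leaked;
}
/* Constructed fault script: the forward migration fails at the second chunk, the rollback
 * fails, and the retried rollback fails again. */
static const int double_failure_script[SCRIPT_LEN] = { 1, 1, 0, -1 };
int main(void)
{
	printf("unpatched: %d chunk(s) leaked\n", run_rehash(false, double_failure_script));
	printf("patched:   %d chunk(s) leaked\n", run_rehash(true, double_failure_script));
}
```

With the double-failure script the unpatched variant leaks one chunk and the patched variant none; a script in which the rollback succeeds leaks nothing in either variant, which is why the bug only surfaces when hardware programming fails twice in a row. In the model every further failed-rollback cycle leaks another chunk, matching the slow growth over uptime described below.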
💻 Affected Systems
- Linux kernels with the in-tree mlxsw driver (mlxsw_spectrum module) before the fixed stable releases listed below
- Mellanox (NVIDIA) Spectrum switch ASICs driven by mlxsw, including Linux-based switch operating systems built on such kernels; hosts without this hardware never load the driver and are not exposed
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Every failed-migration-plus-failed-rollback cycle leaks kernel memory that is never reclaimed. On a switch that stays up for months with recurring rehash failures this exhausts kernel memory: OOM kills of control-plane daemons (routing, ACL programming), loss of forwarding updates and a denial of service that persists until reboot.
Likely Case
Rehash failures are uncommon, so most deployments see a slow, hard-to-attribute growth of unreclaimable kernel memory and occasional parman_destroy warnings, ending in instability that is cleared by a reboot.
If Mitigated
Minimal. On a patched kernel the failed rollback aborts the rehash instead of starting another migration, so nothing is leaked; on an unpatched kernel, disabling periodic region rehash removes the trigger, and memory monitoring turns a surprise outage into a scheduled reboot.
🎯 Exploit Status
There is no remote trigger. The vulnerable code is the driver's rehash delayed work, which runs periodically and migrates filters between TCAM regions; the leak needs a migration to fail and the rollback of that migration to fail as well, which depends on hardware programming errors rather than on attacker-controlled input. Changing the ACL rules that feed the rehash (tc flower offload) requires CAP_NET_ADMIN on the switch, so the realistic impact is reliability loss on an affected switch rather than a remotely exploitable denial of service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: fixed in the Linux stable branches that carry these backport commits (one commit per branch):
- 0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf
- 413a01886c3958d4b8aac23a3bff3d430b92093e
- 617e98ba4c50f4547c9eb0946b1cfc26937d70d1
- 8ca3f7a7b61393804c46f170743c3b839df13977
- b3fd51f684a0711504f82de510da109ae639722d
- b822644fd90992ee362c5e0c8d2556efc8856c76
- c6f3fa7f5a748bf6e5c4eb742686d6952f854e76
Vendor Advisory: https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf
Restart Required: Yes (a new kernel only takes effect after a reboot)
Instructions:
1. Update to a kernel that contains the fix: your distribution's kernel package update for this CVE (for Debian, the LTS announcement in the references) or a stable kernel at or past the releases carrying the commits above. Switches running a vendor network OS on top of Linux get the fix through that vendor's kernel update, not by patching the driver separately.
2. Reboot so the patched kernel, and with it the patched mlxsw modules, are loaded.
3. Confirm with 'uname -r' that the patched kernel is the one running and with 'lsmod | grep mlxsw' that the mlxsw modules in use were loaded from it.
🔧 Temporary Workarounds
Disable ACL TCAM rehashing
The leak is only reachable from the driver's periodic region rehash. The mlxsw driver exposes the rehash interval as the devlink runtime parameter acl_region_rehash_interval (in milliseconds; 0 disables periodic rehashes, see Documentation/networking/devlink/mlxsw.rst), so setting it to 0 with 'devlink dev param set' on the switch's devlink device removes the trigger until the kernel is patched. Rehash exists to compact TCAM regions, so with it disabled rule insertions can start failing sooner on a heavily loaded region. Where the device does not expose the parameter, the fallback is procedural: avoid ACL (tc flower) configuration changes that churn regions and with them the rehash work.
🧯 If You Can't Patch
- Monitor unreclaimable kernel memory (SUnreclaim in /proc/meminfo) and the kernel log for parman_destroy warnings, and schedule a controlled reboot before memory pressure turns into OOM kills
- Disable periodic region rehash through the acl_region_rehash_interval devlink parameter where the device exposes it, and put ACL changes under strict change control so region churn, and with it rehash work, is kept to a minimum
🔍 How to Verify
Check if Vulnerable:
A host is exposed only if it has the mlxsw driver bound to Spectrum hardware and runs an unpatched kernel: check 'lsmod | grep mlxsw' for loaded mlxsw modules and 'uname -r' for the kernel release, then compare that release with the fixed versions for your kernel branch or distribution.
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel release is one that carries the fix for its branch (your distribution's advisory, or the stable commits listed in the references). The absence of parman_destroy warnings in the kernel log is not evidence of the fix; it only shows the failure path has not been hit since boot.
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings (dmesg or journalctl -k) containing 'parman_destroy'
- With CONFIG_DEBUG_KMEMLEAK enabled, kmemleak 'unreferenced object' reports whose backtrace includes mlxsw_sp_acl_tcam_vregion_rehash_work
- Steadily growing unreclaimable slab (SUnreclaim in /proc/meminfo) on a switch whose configuration is not changing, and eventually OOM killer events
Network Indicators:
- None; the defect is in the driver's internal bookkeeping and produces no distinctive traffic
SIEM Query:
source="kernel" AND ("parman_destroy" OR "mlxsw_sp_acl_tcam_vregion_rehash_work")
The OR clause is parenthesised so the source filter applies to both terms whatever the platform's operator precedence.
🔗 References
- https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf
- https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e
- https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1
- https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977
- https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d
- https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76
- https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html