CVE-2024-36007
📋 TL;DR
This vulnerability in the Linux kernel's mlxsw driver causes a kernel warning during Access Control List (ACL) rehashing operations. It affects systems using Mellanox network hardware with the mlxsw driver, potentially leading to system instability or denial of service. The issue occurs when the driver incorrectly handles migration markers during ACL filter rehashing.
💻 Affected Systems
- Linux kernel with mlxsw driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to memory corruption from iterating over wrong data structures, causing complete system unavailability.
Likely Case
Kernel warning messages in system logs and potential disruption of network ACL functionality, leading to degraded network performance or temporary service interruption.
If Mitigated
Minor performance impact during ACL operations with warning messages logged but no service disruption.
🎯 Exploit Status
Requires local access to trigger ACL operations. No known public exploits, but could be triggered by legitimate system operations or malicious local users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits: 039992b6d2df097c65f480dcf269de3d2656f573, 0b88631855026b55cad901ac28d081e0f358e596, 17e9e0bbae652b9b2049e51699e93dfa60b2988d, 1d76bd2a0034d0d08045c1c6adf2235d88982952, 743edc8547a92b6192aa1f1b6bb78233fa21dc9b
Vendor Advisory: https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ACL functionality
Temporarily disable Access Control List features if not required, reducing the chance of triggering the rehash operation.
# Check current ACL configuration
# Modify network configuration to avoid ACL operations
🧯 If You Can't Patch
- Monitor system logs for kernel warnings related to mlxsw_afk_encode or ACL operations
- Limit local user access to systems with Mellanox hardware to reduce potential trigger sources
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlxsw driver is loaded: 'uname -r' and 'lsmod | grep mlxsw'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and check system logs for absence of mlxsw_afk_encode warnings
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings containing 'mlxsw_afk_encode'
- Warnings about ACL operations in system logs
- Messages from mlxsw_sp_acl_tcam_vregion_rehash_work
Network Indicators:
- Unusual network ACL rule changes
- Network performance degradation on Mellanox interfaces
SIEM Query:
source="kernel" AND ("mlxsw_afk_encode" OR ("WARNING" AND "mlxsw"))
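The log indicators above can also be checked directly on a host. The shell function below is an added example, not part of the original advisory or the kernel project: it groups kernel log lines into warning splats (using the standard "cut here" / "end trace" markers) and counts those that name mlxsw_afk_encode, and how many of those also show mlxsw_sp_acl_tcam_vregion_rehash_work. The sample log is constructed, with placeholder paths and offsets.

```shell
#!/bin/sh
# Constructed sample kernel log (not captured from a real system;
# file path and offsets are placeholders).
sample_log() {
cat <<'EOF'
[  101.000001] mlxsw driver loaded (constructed line, outside any splat)
[  512.340112] ------------[ cut here ]------------
[  512.340120] WARNING: CPU: 2 PID: 77 at PLACEHOLDER.c:0 mlxsw_afk_encode+0x0/0x0
[  512.340155] Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
[  512.340190] ---[ end trace 0000000000000000 ]---
[  600.000000] ------------[ cut here ]------------
[  600.000005] WARNING: CPU: 0 PID: 1 at PLACEHOLDER.c:0 unrelated_fn+0x0/0x0
[  600.000010] ---[ end trace 0000000000000000 ]---
[  700.000000] ------------[ cut here ]------------
[  700.000005] WARNING: CPU: 1 PID: 9 at PLACEHOLDER.c:0 mlxsw_afk_encode+0x0/0x0
[  700.000010] ---[ end trace 0000000000000000 ]---
EOF
}

# Reads a kernel log on stdin and prints "<hits> <confirmed>":
#   hits      = warning splats that mention mlxsw_afk_encode
#   confirmed = hits that also mention the ACL rehash work function
scan_mlxsw_splats() {
    awk '
    /cut here/ { in_splat = 1; warn = 0; afk = 0; rehash = 0; next }
    in_splat && /WARNING:/                              { warn = 1 }
    in_splat && /mlxsw_afk_encode/                      { afk = 1 }
    in_splat && /mlxsw_sp_acl_tcam_vregion_rehash_work/ { rehash = 1 }
    /end trace/ {
        if (in_splat && warn && afk) { hits++; if (rehash) confirmed++ }
        in_splat = 0
    }
    END { printf "%d %d\n", hits, confirmed }
    '
}

# Demo on the constructed sample. On a live host, feed the kernel log
# instead, e.g.:  dmesg | scan_mlxsw_splats
sample_log | scan_mlxsw_splats
```

A non-zero first number on a host with the mlxsw driver loaded means the warning has fired; the second number separates splats raised from the rehash worker from other callers.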
🔗 References
- https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573
- https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596
- https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d
- https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952
- https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b
- https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916
- https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html