Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2024-26743) ELSA-2024-3618: kernel update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: (CVE-2024-26743) ELSA-2024-3618: kernel update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/03/2024
Created
06/07/2024
Added
06/06/2024
Modified
06/06/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/qedr: Fix qedr_create_user_qp error flow

Avoid the following warning by making sure to free the allocated

resources in case that qedr_init_user_queue() fail.

-----------[ cut here ]-----------

WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]

Modules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3

ghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]

CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1

Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022

RIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]

Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff

RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286

RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016

RDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600

RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000

R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80

R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000

FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0

Call Trace:

<TASK>

? show_trace_log_lvl+0x1c4/0x2df

? show_trace_log_lvl+0x1c4/0x2df

? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]

? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]

? __warn+0x81/0x110

? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]

? report_bug+0x10a/0x140

? handle_bug+0x3c/0x70

? exc_invalid_op+0x14/0x70

? asm_exc_invalid_op+0x16/0x20

? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]

ib_uverbs_close+0x1f/0xb0 [ib_uverbs]

__fput+0x94/0x250

task_work_run+0x5c/0x90

do_exit+0x270/0x4a0

do_group_exit+0x2d/0x90

get_signal+0x87c/0x8c0

arch_do_signal_or_restart+0x25/0x100

? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]

exit_to_user_mode_loop+0x9c/0x130

exit_to_user_mode_prepare+0xb6/0x100

syscall_exit_to_user_mode+0x12/0x40

do_syscall_64+0x69/0x90

? syscall_exit_work+0x103/0x130

? syscall_exit_to_user_mode+0x22/0x40

? do_syscall_64+0x69/0x90

? syscall_exit_work+0x103/0x130

? syscall_exit_to_user_mode+0x22/0x40

? do_syscall_64+0x69/0x90

? do_syscall_64+0x69/0x90

? common_interrupt+0x43/0xa0

entry_SYSCALL_64_after_hwframe+0x72/0xdc

RIP: 0033:0x1470abe3ec6b

Code: Unable to access opcode bytes at RIP 0x1470abe3ec41.

RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010

RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b

RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004

RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00

R10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358

R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470

</TASK>

--[ end trace 888a9b92e04c5c97 ]--

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;