vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-42142): Linux kernel kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jul 30, 2024	Nov 4, 2024	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jul 30, 2024

Added

Nov 4, 2024

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: E-switch, Create ingress ACL when needed

Currently, ingress acl is used for three features. It is created only
when vport metadata match and prio tag are enabled. But active-backup
lag mode also uses it. It is independent of vport metadata match and
prio tag. And vport metadata match can be disabled using the
following devlink command:

# devlink dev param set pci/0000:08:00.0 name esw_port_metadata \
value false cmode runtime

If ingress acl is not created, will hit panic when creating drop rule
for active-backup lag mode. If always create it, there will be about
5% performance degradation.

Fix it by creating ingress acl when needed. If esw_port_metadata is
true, ingress acl exists, then create drop rule using existing
ingress acl. If esw_port_metadata is false, create ingress acl and
then create drop rule.

Solutions

ubuntu-upgrade-linux-image-6-8-0-1002-gkeopubuntu-upgrade-linux-image-6-8-0-1013-gkeubuntu-upgrade-linux-image-6-8-0-1014-ibmubuntu-upgrade-linux-image-6-8-0-1014-raspiubuntu-upgrade-linux-image-6-8-0-1015-oracleubuntu-upgrade-linux-image-6-8-0-1015-oracle-64kubuntu-upgrade-linux-image-6-8-0-1016-azureubuntu-upgrade-linux-image-6-8-0-1016-azure-fdeubuntu-upgrade-linux-image-6-8-0-1016-gcpubuntu-upgrade-linux-image-6-8-0-1016-oemubuntu-upgrade-linux-image-6-8-0-1017-azureubuntu-upgrade-linux-image-6-8-0-1017-azure-fdeubuntu-upgrade-linux-image-6-8-0-1017-gcpubuntu-upgrade-linux-image-6-8-0-1017-nvidiaubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1018-awsubuntu-upgrade-linux-image-6-8-0-48-genericubuntu-upgrade-linux-image-6-8-0-48-generic-64kubuntu-upgrade-linux-image-6-8-0-48-lowlatencyubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report