CVE-2024-26595: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b
AI Analysis
Technical Summary
CVE-2024-26595 is a vulnerability identified in the Linux kernel, specifically within the mlxsw (Mellanox Spectrum switch) driver component that handles ACL (Access Control List) TCAM (Ternary Content-Addressable Memory) regions. The flaw arises in the error handling path of the function mlxsw_sp_acl_tcam_region_destroy(). When an attempt to attach an ACL region to an ACL group fails, the code erroneously dereferences a NULL pointer via 'region->group->tcam', leading to a kernel NULL pointer dereference and subsequent kernel crash (BUG). This occurs because the pointer to the TCAM structure is not properly retrieved in the error path, causing a NULL pointer dereference at address 0x0. The fix involves correctly retrieving the 'tcam' pointer using the mlxsw_sp_acl_to_tcam() helper function, preventing the NULL dereference. The stack trace shows the vulnerability is triggered during ACL rule addition and flower filter replacement operations, which are part of network traffic control and filtering mechanisms in the Linux kernel networking subsystem. This vulnerability can cause a denial of service (DoS) by crashing the kernel, impacting system availability. There is no indication that this vulnerability allows privilege escalation or remote code execution. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The affected versions appear to be specific Linux kernel builds or commits identified by hashes, implying that this vulnerability affects recent or specific versions of the Linux kernel incorporating the mlxsw driver.
Potential Impact
For European organizations, the primary impact of CVE-2024-26595 is a potential denial of service condition on Linux systems running affected kernel versions with Mellanox Spectrum switch drivers. Organizations relying on Linux servers for networking infrastructure, especially those using Mellanox hardware for high-performance networking or data center switching, could experience unexpected kernel crashes leading to service interruptions. This can affect critical network functions such as ACL enforcement and traffic filtering, potentially disrupting network security policies and traffic management. While the vulnerability does not appear to allow direct data compromise or privilege escalation, the loss of availability can impact business operations, particularly in sectors with high network traffic demands such as telecommunications, cloud service providers, financial institutions, and large enterprises. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. Given the reliance on Linux in European IT infrastructure and the use of Mellanox hardware in data centers, the impact is non-trivial and warrants timely mitigation to maintain network stability and security posture.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patches that fix the NULL pointer dereference in the mlxsw driver is the most effective mitigation. Organizations should track Linux kernel updates and apply security patches promptly. 2. For environments where immediate patching is not feasible, consider disabling or limiting the use of ACL features or traffic control rules that invoke the mlxsw_sp_acl_tcam_region_destroy() path, if operationally possible, to reduce exposure. 3. Monitor kernel logs for BUG reports or kernel oops messages related to mlxsw_sp_acl_tcam_region_destroy or NULL pointer dereferences to detect potential triggering of this vulnerability. 4. Implement robust system monitoring and automated reboot or failover mechanisms to minimize downtime in case of kernel crashes. 5. Validate and test kernel updates in staging environments before deployment to avoid regression issues. 6. Engage with Mellanox hardware vendors and Linux distribution maintainers for guidance and updated driver versions. 7. Maintain an inventory of systems using affected kernel versions and Mellanox hardware to prioritize patching efforts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
CVE-2024-26595: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b
AI-Powered Analysis
Technical Analysis
CVE-2024-26595 is a vulnerability identified in the Linux kernel, specifically within the mlxsw (Mellanox Spectrum switch) driver component that handles ACL (Access Control List) TCAM (Ternary Content-Addressable Memory) regions. The flaw arises in the error handling path of the function mlxsw_sp_acl_tcam_region_destroy(). When an attempt to attach an ACL region to an ACL group fails, the code erroneously dereferences a NULL pointer via 'region->group->tcam', leading to a kernel NULL pointer dereference and subsequent kernel crash (BUG). This occurs because the pointer to the TCAM structure is not properly retrieved in the error path, causing a NULL pointer dereference at address 0x0. The fix involves correctly retrieving the 'tcam' pointer using the mlxsw_sp_acl_to_tcam() helper function, preventing the NULL dereference. The stack trace shows the vulnerability is triggered during ACL rule addition and flower filter replacement operations, which are part of network traffic control and filtering mechanisms in the Linux kernel networking subsystem. This vulnerability can cause a denial of service (DoS) by crashing the kernel, impacting system availability. There is no indication that this vulnerability allows privilege escalation or remote code execution. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The affected versions appear to be specific Linux kernel builds or commits identified by hashes, implying that this vulnerability affects recent or specific versions of the Linux kernel incorporating the mlxsw driver.
Potential Impact
For European organizations, the primary impact of CVE-2024-26595 is a potential denial of service condition on Linux systems running affected kernel versions with Mellanox Spectrum switch drivers. Organizations relying on Linux servers for networking infrastructure, especially those using Mellanox hardware for high-performance networking or data center switching, could experience unexpected kernel crashes leading to service interruptions. This can affect critical network functions such as ACL enforcement and traffic filtering, potentially disrupting network security policies and traffic management. While the vulnerability does not appear to allow direct data compromise or privilege escalation, the loss of availability can impact business operations, particularly in sectors with high network traffic demands such as telecommunications, cloud service providers, financial institutions, and large enterprises. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. Given the reliance on Linux in European IT infrastructure and the use of Mellanox hardware in data centers, the impact is non-trivial and warrants timely mitigation to maintain network stability and security posture.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patches that fix the NULL pointer dereference in the mlxsw driver is the most effective mitigation. Organizations should track Linux kernel updates and apply security patches promptly. 2. For environments where immediate patching is not feasible, consider disabling or limiting the use of ACL features or traffic control rules that invoke the mlxsw_sp_acl_tcam_region_destroy() path, if operationally possible, to reduce exposure. 3. Monitor kernel logs for BUG reports or kernel oops messages related to mlxsw_sp_acl_tcam_region_destroy or NULL pointer dereferences to detect potential triggering of this vulnerability. 4. Implement robust system monitoring and automated reboot or failover mechanisms to minimize downtime in case of kernel crashes. 5. Validate and test kernel updates in staging environments before deployment to avoid regression issues. 6. Engage with Mellanox hardware vendors and Linux distribution maintainers for guidance and updated driver versions. 7. Maintain an inventory of systems using affected kernel versions and Mellanox hardware to prioritize patching efforts.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.127Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe4113
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 9:09:40 PM
Last updated: 7/26/2025, 10:41:41 PM
Views: 10
Related Threats
CVE-2025-8081: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in elemntor Elementor Website Builder – More Than Just a Page Builder
MediumCVE-2025-6253: CWE-862 Missing Authorization in uicore UiCore Elements – Free Elementor widgets and templates
HighCVE-2025-3892: CWE-250: Execution with Unnecessary Privileges in Axis Communications AB AXIS OS
MediumCVE-2025-30027: CWE-1287: Improper Validation of Specified Type of Input in Axis Communications AB AXIS OS
MediumCVE-2025-7622: CWE-918: Server-Side Request Forgery (SSRF) in Axis Communications AB AXIS Camera Station Pro
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.