CVE-2024-26859: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/bnx2x: Prevent access to a freed page in page_pool

Fix race condition leading to system crash during EEH error handling

During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when handling reset tasks. The bnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(), which ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload() SGEs are freed using bnx2x_free_rx_sge_range(). However, this could overlap with the EEH driver's attempt to reset the device using bnx2x_io_slot_reset(), which also tries to free SGEs. This race condition can result in system crashes due to accessing freed memory locations in bnx2x_free_rx_sge()

    static inline void bnx2x_free_rx_sge(struct bnx2x *bp,
                                         struct bnx2x_fastpath *fp, u16 index)
    {
            struct sw_rx_page *sw_buf = &fp->rx_page_ring[index];
            struct page *page = sw_buf->page;
    ....

where sw_buf was set to NULL after the call to dma_unmap_page() by the preceding thread.

    EEH: Beginning: 'slot_reset'
    PCI 0011:01:00.0#10000: EEH: Invoking bnx2x->slot_reset()
    bnx2x: [bnx2x_io_slot_reset:14228(eth1)]IO slot reset initializing...
    bnx2x 0011:01:00.0: enabling device (0140 -> 0142)
    bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --> driver unload
    Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
    BUG: Kernel NULL pointer dereference on read at 0x00000000
    Faulting instruction address: 0xc0080000025065fc
    Oops: Kernel access of bad area, sig: 11 [#1]
    .....
    Call Trace:
    [c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable)
    [c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0
    [c000000003c67b60] [c000000000052130] eeh_pe_report+0x180/0x550
    [c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60
    [c000000003c67d50] [c000000000053a84] eeh_event_handler+0xf4/0x170
    [c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0
    [c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64

To solve this issue, we need to verify page pool allocations before freeing.
AI Analysis
Technical Summary
CVE-2024-26859 is a vulnerability identified in the Linux kernel's bnx2x network driver, which handles Broadcom NetXtreme II Ethernet devices. The flaw arises from a race condition during Enhanced Error Handling (EEH) error recovery, specifically in the transmit timeout and device reset logic.

When the bnx2x_tx_timeout() function schedules reset tasks via bnx2x_sp_rtnl_task(), it eventually leads to bnx2x_nic_unload(), where Scatter-Gather Elements (SGEs) are freed using bnx2x_free_rx_sge_range(). Concurrently, the EEH driver attempts to reset the device by calling bnx2x_io_slot_reset(), which also frees SGEs. This overlap creates a race condition that can cause the driver to access freed memory, leading to a kernel NULL pointer dereference and system crash. The root cause is that the page pool allocations are not properly verified before freeing, allowing one thread to free memory that another thread is still referencing.

The vulnerability manifests as a kernel oops and can cause a denial of service due to system instability or crash. The detailed kernel logs show the sequence of calls and the failure point, confirming the race condition and improper memory handling. This issue affects Linux kernel versions containing the vulnerable bnx2x driver code prior to the fix, which involves verifying page pool allocations before freeing to prevent double free or use-after-free conditions. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
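The verify-before-free pattern described above, as an added user-space model in C (not the kernel patch and not code from this page): both reset paths call the same teardown, which checks each allocation before freeing it and clears it afterwards. The two paths run back to back rather than concurrently, and all names beyond sw_rx_page, rx_page_ring, sw_buf and page_pool are hypothetical.

```c
#include <stdlib.h>
#define NUM_SGE 4

/* User-space model, not kernel code; names beyond the page's excerpt are hypothetical. */
struct sw_rx_page { void *page; };
struct fastpath {
    struct sw_rx_page *rx_page_ring; /* NULL once the ring has been torn down */
    void *page_pool;                 /* page currently held by the pool */
    int pages_freed;                 /* bookkeeping for the self-check */
};

/* Free one SGE only if the slot still owns a page, then clear the slot. */
static void free_rx_sge(struct fastpath *fp, int index)
{
    struct sw_rx_page *sw_buf = &fp->rx_page_ring[index];
    if (!sw_buf->page)
        return;
    free(sw_buf->page);
    sw_buf->page = NULL;
    fp->pages_freed++;
}

/* Teardown reachable from both reset paths: verify each allocation first. */
static void free_rx_sge_range(struct fastpath *fp, int last)
{
    if (!fp->rx_page_ring) /* the other path already tore the ring down */
        return;
    for (int i = 0; i < last; i++)
        free_rx_sge(fp, i);
    if (fp->page_pool) {
        free(fp->page_pool);
        fp->page_pool = NULL;
        fp->pages_freed++;
    }
    free(fp->rx_page_ring);
    fp->rx_page_ring = NULL;
}

/* Run the teardown twice; returns pages released, or -1 if allocation failed. */
int run_both_reset_paths(void)
{
    struct fastpath fp = { calloc(NUM_SGE, sizeof(struct sw_rx_page)), NULL, 0 };
    if (!fp.rx_page_ring)
        return -1;
    fp.page_pool = malloc(64);
    for (int i = 0; i < NUM_SGE; i++)
        fp.rx_page_ring[i].page = malloc(64);
    free_rx_sge_range(&fp, NUM_SGE); /* models tx timeout -> nic unload */
    free_rx_sge_range(&fp, NUM_SGE); /* models EEH slot reset */
    return fp.pages_freed;
}
```

Without the NULL checks, the second call would index a freed ring and release the same pages again; with them, every page is released exactly once.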
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the vulnerable bnx2x driver, commonly found in servers and network infrastructure using Broadcom NetXtreme II Ethernet adapters. The impact includes potential denial of service through system crashes triggered by the race condition during EEH error recovery. This can disrupt critical network services, affecting availability and operational continuity. Organizations relying on high-availability Linux-based network appliances, data centers, or cloud infrastructure could experience outages or degraded performance. While the vulnerability does not directly lead to privilege escalation or data leakage, the resulting system instability can indirectly impact confidentiality and integrity by causing unexpected reboots or service interruptions. The absence of known exploits reduces immediate risk, but the complexity of the issue and its presence in kernel-level code means that sophisticated attackers or accidental triggers could cause significant disruption. European sectors with critical infrastructure, financial services, telecommunications, and public services that depend on stable Linux networking environments are particularly sensitive to such disruptions.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
- Prioritize updating their Linux kernels to versions where the bnx2x driver has been patched to verify page pool allocations before freeing memory. Kernel updates from trusted Linux distributions that incorporate this fix should be applied promptly.
- Audit their network infrastructure to identify systems using Broadcom NetXtreme II Ethernet adapters and ensure these systems are running patched kernels.
- Implement robust monitoring for kernel oops, system crashes, and EEH error events, which can help detect attempts to trigger this race condition.
- For environments where immediate patching is not feasible, consider isolating vulnerable systems from critical network segments or applying kernel-level mitigations such as disabling EEH error recovery if it does not impact operational requirements, though this may reduce fault tolerance.
- Engage with hardware and Linux distribution vendors for guidance on backported patches or workarounds.
- Maintain comprehensive backups and disaster recovery plans to help minimize operational impact in case of system crashes caused by this vulnerability.
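One way to implement the kernel-log monitoring recommended above, as an added example that is not part of the original advisory: a small C filter that flags the ordered signature from the quoted log, an EEH slot_reset into bnx2x followed by a NULL pointer dereference with bnx2x_io_slot_reset in the call trace. The match strings and sample lines are copied from that log; the function and type names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Stages of the log signature quoted in the description. */
enum stage { NONE, SLOT_RESET, NULL_OOPS, MATCH };

/* Advance the state on one log line; the three markers must appear in this order. */
static enum stage eeh_step(enum stage s, const char *line)
{
    if (s == NONE && strstr(line, "EEH: Invoking bnx2x->slot_reset()"))
        return SLOT_RESET;
    if (s == SLOT_RESET && strstr(line, "Kernel NULL pointer dereference"))
        return NULL_OOPS;
    if (s == NULL_OOPS && strstr(line, "bnx2x_io_slot_reset+"))
        return MATCH;
    return s;
}

/* Scan an in-order array of log lines and return the stage reached. */
enum stage scan_lines(const char *const *lines, size_t n)
{
    enum stage s = NONE;
    for (size_t i = 0; i < n && s != MATCH; i++)
        s = eeh_step(s, lines[i]);
    return s;
}

/* Sample input: lines copied from the kernel log in the description. */
const char *const sample_log[] = {
    "EEH: Beginning: 'slot_reset'",
    "PCI 0011:01:00.0#10000: EEH: Invoking bnx2x->slot_reset()",
    "bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --> driver unload",
    "BUG: Kernel NULL pointer dereference on read at 0x00000000",
    "[c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable)",
};
const size_t sample_log_len = sizeof sample_log / sizeof sample_log[0];

/* Reads a kernel log on stdin, e.g. dmesg | ./bnx2x_eeh_scan */
int main(void)
{
    char buf[1024];
    enum stage s = NONE;
    while (s != MATCH && fgets(buf, sizeof buf, stdin))
        s = eeh_step(s, buf);
    puts(s == MATCH ? "bnx2x EEH slot_reset oops signature found" : "no match");
    return s == MATCH ? 0 : 1;
}
```

A match indicates a host that hit this crash path and should be checked for a patched kernel; the matcher does not bound the time between the three markers, so confirm hits against log timestamps.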
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.183Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe3db2
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:27:35 PM
Last updated: 7/31/2025, 8:32:28 PM