CVE-2024-36006: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>
AI Analysis
Technical Summary
CVE-2024-36006 addresses a vulnerability in the Linux kernel specifically within the Mellanox mlxsw driver component responsible for managing spectrum ACL (Access Control List) TCAM (Ternary Content Addressable Memory) entries. The vulnerability arises from improper usage of the Linux kernel's linked list API. Two functions, one migrating all chunks within a region and another migrating all entries within a chunk, call list_first_entry() without verifying that the lists are non-empty. This incorrect API usage can lead to kernel warnings and potentially undefined behavior or kernel crashes due to dereferencing invalid list entries. The issue was identified in the mlxsw_sp_acl_tcam_vchunk_migrate_all function and related workqueue processing functions. The fix involves adding checks to return early if the lists are empty, preventing invalid list access and stabilizing the kernel operation. This vulnerability is present in Linux kernel versions around 6.9.0-rc3 and affects systems using Mellanox Technologies network hardware, such as the MSN3700 switch. Although no known exploits are reported in the wild, the vulnerability could cause denial of service (DoS) conditions through kernel panics or crashes if triggered. Given that the mlxsw driver is used in high-performance networking environments, this flaw could impact network reliability and availability on affected systems.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or high-performance computing environments that utilize Linux servers with Mellanox network adapters or switches, this vulnerability poses a risk of service disruption. A kernel panic or crash triggered by this flaw could lead to temporary loss of network connectivity, impacting critical business applications, cloud services, or telecommunications infrastructure. Organizations relying on Linux-based networking equipment for internal or external communications may experience degraded service availability or outages. While the vulnerability does not appear to allow privilege escalation or remote code execution, the potential for denial of service could affect operational continuity, incident response, and SLAs. Industries such as finance, telecommunications, research institutions, and cloud service providers in Europe that deploy Mellanox hardware in their Linux environments are particularly at risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation or accidental triggering during normal operations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to incorporate the patch that fixes this vulnerability once it is officially released. In the interim, system administrators should monitor kernel logs for warnings related to mlxsw_sp_acl_tcam and related mlxsw driver components to detect potential triggering of this issue. Network teams should assess the deployment of Mellanox hardware and consider isolating or limiting workloads on affected systems until patched. Implementing robust kernel crash recovery and high availability configurations can mitigate the impact of potential DoS conditions. Additionally, organizations should engage with their Linux distribution vendors or Mellanox support channels to obtain backported patches or guidance tailored to their environments. Regularly auditing and updating network driver firmware and software stacks will reduce exposure. Finally, incorporating this vulnerability into vulnerability management and incident response plans ensures preparedness for any exploitation attempts or operational disruptions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-36006: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>
AI-Powered Analysis
Technical Analysis
CVE-2024-36006 addresses a vulnerability in the Linux kernel specifically within the Mellanox mlxsw driver component responsible for managing spectrum ACL (Access Control List) TCAM (Ternary Content Addressable Memory) entries. The vulnerability arises from improper usage of the Linux kernel's linked list API. Two functions, one migrating all chunks within a region and another migrating all entries within a chunk, call list_first_entry() without verifying that the lists are non-empty. This incorrect API usage can lead to kernel warnings and potentially undefined behavior or kernel crashes due to dereferencing invalid list entries. The issue was identified in the mlxsw_sp_acl_tcam_vchunk_migrate_all function and related workqueue processing functions. The fix involves adding checks to return early if the lists are empty, preventing invalid list access and stabilizing the kernel operation. This vulnerability is present in Linux kernel versions around 6.9.0-rc3 and affects systems using Mellanox Technologies network hardware, such as the MSN3700 switch. Although no known exploits are reported in the wild, the vulnerability could cause denial of service (DoS) conditions through kernel panics or crashes if triggered. Given that the mlxsw driver is used in high-performance networking environments, this flaw could impact network reliability and availability on affected systems.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or high-performance computing environments that utilize Linux servers with Mellanox network adapters or switches, this vulnerability poses a risk of service disruption. A kernel panic or crash triggered by this flaw could lead to temporary loss of network connectivity, impacting critical business applications, cloud services, or telecommunications infrastructure. Organizations relying on Linux-based networking equipment for internal or external communications may experience degraded service availability or outages. While the vulnerability does not appear to allow privilege escalation or remote code execution, the potential for denial of service could affect operational continuity, incident response, and SLAs. Industries such as finance, telecommunications, research institutions, and cloud service providers in Europe that deploy Mellanox hardware in their Linux environments are particularly at risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation or accidental triggering during normal operations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to incorporate the patch that fixes this vulnerability once it is officially released. In the interim, system administrators should monitor kernel logs for warnings related to mlxsw_sp_acl_tcam and related mlxsw driver components to detect potential triggering of this issue. Network teams should assess the deployment of Mellanox hardware and consider isolating or limiting workloads on affected systems until patched. Implementing robust kernel crash recovery and high availability configurations can mitigate the impact of potential DoS conditions. Additionally, organizations should engage with their Linux distribution vendors or Mellanox support channels to obtain backported patches or guidance tailored to their environments. Regularly auditing and updating network driver firmware and software stacks will reduce exposure. Finally, incorporating this vulnerability into vulnerability management and incident response plans ensures preparedness for any exploitation attempts or operational disruptions.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.150Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe2443
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:12:22 AM
Last updated: 8/16/2025, 12:49:20 PM
Views: 14
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.