CVE-2024-36007: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix warning during rehash

As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters.

When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the migration from the next time the work is scheduled.

Upon error, the chunk marker is reset to NULL, but without resetting the entry markers despite being relative to it. This can result in migration being resumed from an entry that does not belong to the chunk being migrated. In turn, this will eventually lead to a chunk being iterated over as if it is an entry. Because of how the two structures happen to be defined, this does not lead to KASAN splats, but to warnings such as [1].

Fix by creating a helper that resets all the markers and call it from all the places that currently only reset the chunk marker. For good measure also call it when starting a completely new rehash. Add a warning to avoid future cases.

[1]
WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0
Modules linked in:
CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29
Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:mlxsw_afk_encode+0x242/0x2f0
[...]
Call Trace:
 <TASK>
 mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0
 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290
 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470
 process_one_work+0x151/0x370
 worker_thread+0x2cb/0x3e0
 kthread+0xd0/0x100
 ret_from_fork+0x34/0x50
 </TASK>
AI Analysis
Technical Summary
CVE-2024-36007 is a medium-severity vulnerability in the Linux kernel's mlxsw (Mellanox switch) driver, in the component that handles ACL (Access Control List) TCAM (Ternary Content Addressable Memory) operations. It arises from improper handling of internal markers during the rehashing of ACL filters. The rehash operation migrates filters between regions by iterating over chunks (groups of filters with the same priority) and their entries. When the rehash work is interrupted because it has run out of credits, it stores markers so that it can resume later. Upon an error, however, the chunk marker is reset to NULL while the entry markers, which are relative to the chunk, are not. The rehash can then resume from an entry that does not belong to the chunk being migrated, and a chunk ends up being treated as an entry.

This does not produce Kernel Address Sanitizer (KASAN) reports, but it triggers kernel warnings and could potentially destabilize the kernel's network stack. The warning is raised in the mlxsw_afk_encode function, reached from the ACL TCAM rehash workqueue processing. The fix resets all markers consistently and adds a warning to catch future occurrences.

The vulnerability requires local privileges with low complexity and no user interaction, impacting availability but not confidentiality or integrity. It affects Linux kernel versions containing the specified commit hashes prior to the fix and is relevant for systems using Mellanox network hardware with the mlxsw driver, commonly found in data centers and enterprise networking environments.
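The marker handling described above can be reproduced in a small model. This is an added example, not the mlxsw driver's code: the class, the function names and the sample region are hypothetical, and the model reports a stale marker instead of walking a foreign structure.

```python
class RehashCtx:
    """Resume markers kept between runs of the work (hypothetical names)."""
    def __init__(self):
        self.chunk = None   # chunk marker: chunk being migrated
        self.entry = None   # entry marker: only meaningful relative to self.chunk

def reset_chunk_only(ctx):  # error path before the fix, per the description
    ctx.chunk = None

def reset_all(ctx):         # error path after the fix: all markers cleared together
    ctx.chunk = None
    ctx.entry = None

def run_work(region, ctx, credits, on_error, fail_at=None):
    """One scheduling of the work; returns (status, entries migrated in this run)."""
    names = list(region)
    start = names.index(ctx.chunk) if ctx.chunk is not None else 0
    migrated = []
    for name in names[start:]:
        entries, first = region[name], 0
        if ctx.entry is not None:
            if ctx.entry not in entries:   # stands in for the warning the fix adds
                return f"stale entry marker {ctx.entry} in chunk {name}", migrated
            first = entries.index(ctx.entry)
        for entry in entries[first:]:
            if entry == fail_at:           # migration of this entry fails
                on_error(ctx)
                return "error", migrated
            if credits == 0:               # out of credits: store both markers
                ctx.chunk, ctx.entry = name, entry
                return "again", migrated
            credits -= 1
            migrated.append(entry)
        ctx.entry = None                   # chunk done: next chunk starts at its head
    ctx.chunk = None
    return "done", migrated

def scenario(on_error):
    """Pause mid-chunk, fail on resume, then run again (constructed sample region)."""
    region = {"A": ["a0", "a1"], "B": ["b0", "b1", "b2"]}
    ctx = RehashCtx()
    return [run_work(region, ctx, 3, on_error),                # pauses at b1
            run_work(region, ctx, 3, on_error, fail_at="b1"),  # error while resuming
            run_work(region, ctx, 9, on_error)]                # next scheduling

if __name__ == "__main__":
    print("before fix:", scenario(reset_chunk_only)[-1])
    print("after fix: ", scenario(reset_all)[-1])
```

With the chunk-only reset, the third run starts at chunk A while still holding an entry marker from chunk B; with the full reset it starts cleanly from the first entry.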
Potential Impact
For European organizations, this vulnerability primarily threatens the availability and stability of Linux-based systems utilizing Mellanox network hardware, which is prevalent in high-performance computing, cloud infrastructure, and enterprise data centers. Disruptions caused by kernel warnings and potential rehash failures could lead to degraded network performance, intermittent connectivity issues, or kernel panics requiring system reboots. This can impact critical services, especially in sectors relying on low-latency and high-throughput networking such as finance, telecommunications, research institutions, and cloud service providers. Although the vulnerability does not expose data confidentiality or integrity directly, the availability impact can cause operational downtime and service interruptions. Given the medium CVSS score and the requirement for local privileges, exploitation is less likely from external attackers but remains a concern for insider threats or compromised accounts. The absence of known exploits in the wild reduces immediate risk but patching is essential to maintain network reliability and prevent potential escalation or chaining with other vulnerabilities.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-36007 as soon as it becomes available. Since the vulnerability affects the mlxsw driver, organizations using Mellanox network devices should verify their kernel versions and apply vendor-specific updates or patches. Network administrators should monitor kernel logs for warnings related to mlxsw_afk_encode or ACL TCAM rehash operations as early indicators of potential issues. Implement strict access controls to limit local user privileges, reducing the risk of exploitation by unauthorized users. For environments where immediate patching is not feasible, consider isolating affected systems or limiting access to trusted personnel. Additionally, coordinate with Mellanox hardware vendors for firmware updates or configuration recommendations that might mitigate risk. Regularly audit network device drivers and kernel modules to ensure they are up to date and configured securely. Finally, incorporate this vulnerability into incident response plans to quickly address any availability issues arising from this flaw.
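One way to implement the kernel-log monitoring recommended above, as an added example rather than a vendor tool: it flags WARNING blocks raised in mlxsw_afk_encode whose context shows the rehash work, using only symbols from the trace in the description. The function names, the block-splitting heuristic and the sample log are assumptions made for illustration.

```python
import re
# Symbols taken from the warning quoted in the CVE description.
WARN_SYMBOL = "mlxsw_afk_encode"
REHASH_SYMBOLS = {"mlxsw_sp_acl_tcam_vregion_rehash_work",
                  "mlxsw_sp_acl_tcam_vchunk_migrate_all"}

HEAD_RE = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+) (\w+)\+0x")
SYM_RE = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")   # stack frames, RIP
WQ_RE = re.compile(r"Workqueue: \S+ (\w+)")

def warning_blocks(log_text):
    """Group lines into one block per 'WARNING: CPU:' header."""
    blocks, in_block = [], False
    for line in log_text.splitlines():
        if "WARNING: CPU:" in line:
            blocks.append([line])
            in_block = True
        elif in_block:
            blocks[-1].append(line)
            in_block = "---[ end trace" not in line
    return blocks

def find_rehash_warnings(log_text):
    """Return (pid, source location, rehash symbols seen) per matching warning."""
    hits = []
    for block in warning_blocks(log_text):
        head = HEAD_RE.search(block[0])
        if not head or head.group(3) != WARN_SYMBOL:
            continue
        body = "\n".join(block[1:])
        context = set(SYM_RE.findall(body)) | set(WQ_RE.findall(body))
        rehash = sorted(context & REHASH_SYMBOLS)
        if rehash:   # the warning fired while the rehash work was running
            hits.append((int(head.group(1)), head.group(2), rehash))
    return hits

# Constructed sample: one made-up unrelated warning, then the trace from the description.
SAMPLE_LOG = """\
WARNING: CPU: 2 PID: 40 at drivers/example/demo.c:10 demo_check+0x1a/0x40
 demo_caller+0x22/0x90
---[ end trace 0000000000000000 ]---
WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
Call Trace:
 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290
 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470
"""

if __name__ == "__main__":
    print(find_rehash_warnings(SAMPLE_LOG))
```

Feed it the output of `dmesg` or `journalctl -k`; the regular expressions use `search`, so timestamp prefixes on each line do not prevent a match.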
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.151Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe2447
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:12:32 AM
Last updated: 8/14/2025, 8:54:59 AM