CVE-2024-38595: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix peer devlink set for SF representor devlink port
The cited patch changed the register devlink flow and neglected to reflect the changes in the peer devlink set logic. Peer devlink set is triggering a call trace if done after devl_register [1]. Hence, align peer devlink set logic with register devlink flow.
[1]
WARNING: CPU: 4 PID: 3394 at net/devlink/core.c:155 devlink_rel_nested_in_add+0x177/0x180
CPU: 4 PID: 3394 Comm: kworker/u40:1 Not tainted 6.9.0-rc4_for_linust_min_debug_2024_04_16_14_08 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_vhca_event0 mlx5_vhca_state_work_handler [mlx5_core]
RIP: 0010:devlink_rel_nested_in_add+0x177/0x180
Call Trace:
 <TASK>
 ? __warn+0x78/0x120
 ? devlink_rel_nested_in_add+0x177/0x180
 ? report_bug+0x16d/0x180
 ? handle_bug+0x3c/0x60
 ? exc_invalid_op+0x14/0x70
 ? asm_exc_invalid_op+0x16/0x20
 ? devlink_port_init+0x30/0x30
 ? devlink_port_type_clear+0x50/0x50
 ? devlink_rel_nested_in_add+0x177/0x180
 ? devlink_rel_nested_in_add+0xdd/0x180
 mlx5_sf_mdev_event+0x74/0xb0 [mlx5_core]
 notifier_call_chain+0x35/0xb0
 blocking_notifier_call_chain+0x3d/0x60
 mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
 mlx5_sf_dev_probe+0x185/0x3e0 [mlx5_core]
 auxiliary_bus_probe+0x38/0x80
 ? driver_sysfs_add+0x51/0x80
 really_probe+0xc5/0x3a0
 ? driver_probe_device+0x90/0x90
 __driver_probe_device+0x80/0x160
 driver_probe_device+0x1e/0x90
 __device_attach_driver+0x7d/0x100
 bus_for_each_drv+0x80/0xd0
 __device_attach+0xbc/0x1f0
 bus_probe_device+0x86/0xa0
 device_add+0x64f/0x860
 __auxiliary_device_add+0x3b/0xa0
 mlx5_sf_dev_add+0x139/0x330 [mlx5_core]
 mlx5_sf_dev_state_change_handler+0x1e4/0x250 [mlx5_core]
 notifier_call_chain+0x35/0xb0
 blocking_notifier_call_chain+0x3d/0x60
 mlx5_vhca_state_work_handler+0x151/0x200 [mlx5_core]
 process_one_work+0x13f/0x2e0
 worker_thread+0x2bd/0x3c0
 ? rescuer_thread+0x410/0x410
 kthread+0xc4/0xf0
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork+0x2d/0x50
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork_asm+0x11/0x20
 </TASK>
AI Analysis
Technical Summary
CVE-2024-38595 is a vulnerability in the Linux kernel networking subsystem, in the Mellanox mlx5 driver's devlink port management. It stems from a logic flaw in the peer devlink set operation for Single Function (SF) representor devlink ports: an earlier patch modified the devlink registration flow but did not align the peer devlink set logic with that change. As a result, invoking peer devlink set after devlink registration produces a kernel warning with a call trace and may lead to a crash. The warning is raised in devlink_rel_nested_in_add, which is part of the devlink core responsible for managing device links and ports. The stack trace shows the problem occurring during the initialization and state change handling of mlx5 SF devices, which are virtual functions or representors used in advanced networking setups such as SR-IOV or virtualized environments.
The vulnerability can cause instability or denial of service (DoS) on affected systems by triggering kernel warnings and potentially crashing the kernel worker threads that handle mlx5 devices. It affects specific Linux kernel versions identified by commit hashes and is relevant to systems using the mlx5 driver, commonly found with Mellanox ConnectX-5 and newer network interface cards (NICs). No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, affecting kernel stability and device driver reliability rather than enabling direct remote code execution or privilege escalation.
Potential Impact
For European organizations, the impact of CVE-2024-38595 primarily concerns systems utilizing Mellanox mlx5-based network cards, which are prevalent in high-performance computing, data centers, cloud infrastructure, and enterprise networking environments. Organizations relying on Linux servers with these NICs may experience kernel instability or denial of service due to kernel warnings and crashes triggered by this vulnerability. This can disrupt critical network functions, degrade service availability, and impact workloads dependent on virtualized networking features such as SR-IOV or representor ports. The vulnerability does not appear to allow direct code execution or privilege escalation but can cause service interruptions, which in sectors like finance, telecommunications, healthcare, and government could lead to operational downtime and potential compliance issues under regulations like GDPR if service availability is affected. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability and prevent potential exploitation by attackers aiming to cause denial of service in targeted environments.
Mitigation Recommendations
To mitigate CVE-2024-38595, affected organizations should apply the official Linux kernel patches that align the peer devlink set logic with the devlink registration flow as soon as they become available. Kernel upgrades to versions including this fix are recommended. In environments where immediate patching is not feasible, administrators should monitor kernel logs for warnings related to devlink_rel_nested_in_add and mlx5 devices to detect potential triggering of this issue. Limiting or controlling workloads that perform peer devlink set operations on SF representor ports can reduce exposure. Additionally, testing kernel updates in staging environments before production deployment is advisable to ensure stability. Organizations should also maintain updated backups and have incident response plans for potential kernel crashes or service disruptions. Network administrators should review the use of mlx5 devices and consider fallback or redundancy strategies to minimize impact during patch deployment.
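The log monitoring recommended above can be automated. The following is an added example, not code from the kernel project or from this database: it scans kernel log lines for a WARNING raised in devlink_rel_nested_in_add and reports the mlx5_core frames in the trace. The function name, the record fields and the sample log are assumptions made for the illustration.

```python
import re

# Header of a kernel WARNING: source file, line, and the symbol that raised it.
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+):(\d+) ([\w.]+)\+0x")
# One call-trace frame: optional "? " (unreliable frame), symbol, optional [module].
FRAME_RE = re.compile(r"(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")


def find_devlink_warnings(lines):
    """Return one record per WARNING raised in devlink_rel_nested_in_add."""
    hits, current = [], None
    for line in lines:
        warn = WARN_RE.search(line)
        if warn:  # a new WARNING starts; track it only if it is the devlink one
            current = None
            if warn.group(3) == "devlink_rel_nested_in_add":
                current = {"source": f"{warn.group(1)}:{warn.group(2)}", "mlx5_frames": []}
                hits.append(current)
            continue
        if current is None:
            continue
        if "</TASK>" in line:  # end of this trace
            current = None
            continue
        frame = FRAME_RE.search(line)
        # Keep only reliable frames (no "? ") that belong to mlx5_core.
        if frame and not frame.group(1) and frame.group(3) == "mlx5_core":
            current["mlx5_frames"].append(frame.group(2))
    for hit in hits:
        # The trace in the CVE description reaches devlink via mlx5_sf_mdev_event.
        hit["matches_cve_trace"] = "mlx5_sf_mdev_event" in hit["mlx5_frames"]
    return hits


# Constructed sample: frames from the CVE trace; timestamps and 2nd WARNING are made up.
SAMPLE_LOG = """\
[  101.000001] WARNING: CPU: 4 PID: 3394 at net/devlink/core.c:155 devlink_rel_nested_in_add+0x177/0x180
[  101.000002] Call Trace:
[  101.000003]  ? __warn+0x78/0x120
[  101.000004]  mlx5_sf_mdev_event+0x74/0xb0 [mlx5_core]
[  101.000005]  notifier_call_chain+0x35/0xb0
[  101.000006]  mlx5_sf_dev_probe+0x185/0x3e0 [mlx5_core]
[  101.000007]  </TASK>
[  202.000001] WARNING: CPU: 1 PID: 77 at kernel/example.c:10 example_fn+0x10/0x20
[  202.000002]  example_helper+0x5/0x40 [mlx5_core]
"""

if __name__ == "__main__":
    print(find_devlink_warnings(SAMPLE_LOG.splitlines()))
```

On a live host the same function can be fed the lines of the kernel log, for example the output of dmesg or journalctl -k.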
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland
Technical Details
Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-18T19:36:34.931Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED
Threat ID: 682d9821c4522896dcbdde1c
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:55:45 AM
Last updated: 8/6/2025, 9:39:03 AM