CVE-2024-47687: Vulnerability in Linux (Linux kernel)
In the Linux kernel, the following vulnerability has been resolved:

vdpa/mlx5: Fix invalid mr resource destroy

Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place.

This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() to block releasing non-initialized mr resources.

Reference trace:

mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 140216067 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
Code: [...]
RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246
RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000
RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670
R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000
R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea
FS:  00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 ? show_trace_log_lvl+0x1c4/0x2df
 ? show_trace_log_lvl+0x1c4/0x2df
 ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
 ? __die_body.cold+0x8/0xd
 ? page_fault_oops+0x134/0x170
 ? __irq_work_queue_local+0x2b/0xc0
 ? irq_work_queue+0x2c/0x50
 ? exc_page_fault+0x62/0x150
 ? asm_exc_page_fault+0x22/0x30
 ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]
 ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]
 mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]
 vdpa_release_dev+0x1e/0x50 [vdpa]
 device_release+0x31/0x90
 kobject_cleanup+0x37/0x130
 mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]
 vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]
 genl_family_rcv_msg_doit+0xd9/0x130
 genl_family_rcv_msg+0x14d/0x220
 ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]
 ? _copy_to_user+0x1a/0x30
 ? move_addr_to_user+0x4b/0xe0
 genl_rcv_msg+0x47/0xa0
 ? __import_iovec+0x46/0x150
 ? __pfx_genl_rcv_msg+0x10/0x10
 netlink_rcv_skb+0x54/0x100
 genl_rcv+0x24/0x40
 netlink_unicast+0x245/0x370
 netlink_sendmsg+0x206/0x440
 __sys_sendto+0x1dc/0x1f0
 ? do_read_fault+0x10c/0x1d0
 ? do_pte_missing+0x10d/0x190
 __x64_sys_sendto+0x20/0x30
 do_syscall_64+0x5c/0xf0
 ? __count_memcg_events+0x4f/0xb0
 ? mm_account_fault+0x6c/0x100
 ? handle_mm_fault+0x116/0x270
 ? do_user_addr_fault+0x1d6/0x6a0
 ? do_syscall_64+0x6b/0xf0
 ? clear_bhb_loop+0x25/0x80
 ? clear_bhb_loop+0x25/0x80
 ? clear_bhb_loop+0x25/0x80
 ? clear_bhb_loop+0x25/0x80
 ? clear_bhb_loop+0x25/0x80
 entry_SYSCALL_64_after_hwframe+0x78/0x80
AI Analysis
Technical Summary
CVE-2024-47687 is a vulnerability identified in the Linux kernel, specifically within the mlx5_vdpa driver component that handles vDPA (virtio Data Path Acceleration) devices using Mellanox (now part of NVIDIA) mlx5 hardware. The flaw arises from improper handling of memory region (mr) resources during error paths in the mlx5_vdpa_dev_add() function. Certain error conditions cause the kernel to attempt to release mr resources that were never properly initialized. This leads to a NULL pointer dereference in the mlx5_vdpa_destroy_mr_resources() function, which lacks the necessary checks to prevent releasing uninitialized resources. The consequence is a kernel crash (BUG) due to a NULL pointer dereference, resulting in a denial of service (DoS) condition. The detailed kernel oops trace shows the fault occurring in vhost_iotlb_del_range(), triggered during device addition or release operations. This vulnerability affects Linux kernel versions including but not limited to the commit referenced (512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9). The issue was patched by adding proper checks to prevent releasing uninitialized mr resources. No known exploits are reported in the wild as of the publication date (October 21, 2024).
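The teardown ordering that the description and the summary above turn on (an error path running the common release routine before the resources it releases were ever set up) modelled in C as an added example. This is constructed illustration code, not the kernel's patch: every structure, field and function name in it (vdpa_dev, mr_initialized, iotlb_del_range, add_release_cycle) is an assumption standing in for the driver's real state, and the counter replaces what in the kernel is an oops.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of the teardown ordering; all names are assumptions. */
struct iotlb { int entries; };
struct vdpa_dev {
    bool mr_initialized;  /* true only once init_mr_resources() succeeded */
    struct iotlb *iotlb;  /* NULL until then */
    int null_derefs;      /* stands in for the kernel oops */
};

/* Stand-in for vhost_iotlb_del_range(): the real one dereferences its
 * argument immediately, which is where the reference trace faults. */
static int iotlb_del_range(struct vdpa_dev *d, struct iotlb *tlb)
{
    if (!tlb) { d->null_derefs++; return -1; }
    tlb->entries = 0;
    return 0;
}
static int init_mr_resources(struct vdpa_dev *d)
{
    if (!(d->iotlb = calloc(1, sizeof *d->iotlb))) return -1;
    d->mr_initialized = true;
    return 0;
}
/* Pre-fix shape: releases unconditionally, so an error path that never
 * reached init_mr_resources() hands a NULL iotlb to del_range. */
static void destroy_mr_unguarded(struct vdpa_dev *d)
{
    iotlb_del_range(d, d->iotlb);
    free(d->iotlb); d->iotlb = NULL;
}
/* Post-fix shape: refuse to release what was never set up. */
static void destroy_mr_guarded(struct vdpa_dev *d)
{
    if (!d->mr_initialized) return;
    iotlb_del_range(d, d->iotlb);
    free(d->iotlb); d->iotlb = NULL;
    d->mr_initialized = false;
}
/* One add/release cycle. init_first=false models dev_add bailing out before
 * mr init (as after the "No mac address provisioned?" warning) with the
 * release callback then running the common teardown. Returns the number of
 * NULL dereferences attempted, or -2 if the iotlb leaked. */
static int add_release_cycle(bool init_first, bool guarded)
{
    struct vdpa_dev d = {0};
    if (init_first && init_mr_resources(&d)) return -1;
    if (guarded) destroy_mr_guarded(&d); else destroy_mr_unguarded(&d);
    return d.iotlb ? -2 : d.null_derefs;
}
```

The unguarded early-failure cycle is the one that reports a NULL dereference; the guarded version is safe on that path and still frees everything on the normal path.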
Potential Impact
For European organizations, the impact of CVE-2024-47687 primarily manifests as a potential denial of service on systems running affected Linux kernels with mlx5_vdpa enabled. This is particularly relevant for data centers, cloud providers, and enterprises leveraging virtualized environments with vDPA acceleration for network performance, especially those using Mellanox mlx5 hardware. A successful exploitation could cause kernel crashes, leading to service interruptions, degraded availability of critical infrastructure, and potential cascading failures in multi-tenant environments. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability could disrupt business operations, affect service level agreements, and increase operational costs due to downtime and recovery efforts. Organizations relying on high-availability Linux-based network acceleration or virtualization platforms should be aware of this risk.
Mitigation Recommendations
To mitigate CVE-2024-47687, European organizations should:
1) Apply the official Linux kernel patches that address the mlx5_vdpa resource management flaw as soon as they become available from trusted Linux distributions or kernel maintainers.
2) Audit and monitor systems using mlx5_vdpa devices for unusual kernel oops or crashes indicative of this issue.
3) Temporarily disable mlx5_vdpa functionality if patching is not immediately feasible, especially in production environments where stability is critical.
4) Implement robust kernel crash recovery and monitoring mechanisms to minimize downtime in case of exploitation.
5) Engage with hardware vendors and Linux distribution providers to ensure timely updates and support.
6) Conduct thorough testing of patched kernels in staging environments before deployment to production to avoid regressions.
These steps go beyond generic advice by focusing on the specific driver and hardware involved and emphasizing operational continuity.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.941Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe0505
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:39:44 PM
Last updated: 8/1/2025, 12:29:53 AM