In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free rows in the hardware table, it must also be protected in order to avoid TOCTOU errors where multiple cores allocate the same row. This issue was detected in a situation where `mvpp2_set_rx_mode()` ran concurrently on two CPUs. In this particular case the MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the classifier unit to drop all incoming unicast - indicated by the `rx_classifier_drops` counter.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mvpp2: Prevenir la corrupción de memoria TCAM del analizador Proteja la memoria TCAM/SRAM del analizador y la información SRAM en caché (shadow) de modificaciones simultáneas. Se accede indirectamente a las tablas TCAM y SRAM configurando un registro de índice que selecciona la fila en la que leer o escribir. Esto significa que las operaciones deben ser atómicas para, por ejemplo, evitar propagar escrituras en varias filas. Dado que la matriz shadow SRAM se utiliza para encontrar filas libres en la tabla de hardware, también debe protegerse para evitar errores TOCTOU en los que varios núcleos asignan la misma fila. Este problema se detectó en una situación en la que `mvpp2_set_rx_mode()` se ejecutaba simultáneamente en dos CPU. En este caso particular, la entrada MVPP2_PE_MAC_UC_PROMISCUOUS estaba dañada, lo que provocaba que la unidad clasificadora descartara toda la unidifusión entrante, lo que se indica mediante el contador `rx_classifier_drops`.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-367
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b70377140> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b70376440> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdc59e140> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde167b00> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde166740> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde164580> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |