{"schema_version":"1.7.2","id":"OESA-2024-1864","modified":"2024-07-19T11:08:33Z","published":"2024-07-19T11:08:33Z","upstream":["CVE-2024-38540"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\r\n\r\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr-\u0026gt;aux_depth != 0 and hwq_attr-\u0026gt;aux_stride == 0.\nIn that case, \u0026quot;roundup_pow_of_two(hwq_attr-\u0026gt;aux_stride)\u0026quot; gets called.\nroundup_pow_of_two is documented as undefined for 0.\r\n\r\nFix it in the one caller that had this combination.\r\n\r\nThe undefined behavior was detected by UBSAN:\n  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n  shift exponent 64 is too large for 64-bit type \u0026apos;long unsigned int\u0026apos;\n  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n  Call Trace:\n   \u0026lt;TASK\u0026gt;\n   dump_stack_lvl+0x5d/0x80\n   ubsan_epilogue+0x5/0x30\n   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n   __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __kmalloc+0x1b6/0x4f0\n   ? create_qp.part.0+0x128/0x1c0 [ib_core]\n   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n   create_qp.part.0+0x128/0x1c0 [ib_core]\n   ib_create_qp_kernel+0x50/0xd0 [ib_core]\n   create_mad_qp+0x8e/0xe0 [ib_core]\n   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n   ib_mad_init_device+0x2be/0x680 [ib_core]\n   add_client_context+0x10d/0x1a0 [ib_core]\n   enable_device_and_get+0xe0/0x1d0 [ib_core]\n   ib_register_device+0x53c/0x630 [ib_core]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n   auxiliary_bus_probe+0x49/0x80\n   ? driver_sysfs_add+0x57/0xc0\n   really_probe+0xde/0x340\n   ? pm_runtime_barrier+0x54/0x90\n   ? __pfx___driver_attach+0x10/0x10\n   __driver_probe_device+0x78/0x110\n   driver_probe_device+0x1f/0xa0\n   __driver_attach+0xba/0x1c0\n   bus_for_each_dev+0x8f/0xe0\n   bus_add_driver+0x146/0x220\n   driver_register+0x72/0xd0\n   __auxiliary_driver_register+0x6e/0xd0\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   do_one_initcall+0x5b/0x310\n   do_init_module+0x90/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x121/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x82/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode_prepare+0x149/0x170\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode+0x75/0x230\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_syscall_64+0x8e/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __count_memcg_events+0x69/0x100\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? count_memcg_events.constprop.0+0x1a/0x30\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? handle_mm_fault+0x1f0/0x300\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_user_addr_fault+0x34e/0x640\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f4e5132821d\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n   \u0026lt;/TASK\u0026gt;\n  ---[ end trace ]---(CVE-2024-38540)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-219.0.0.118.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm","python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"],"src":["kernel-5.10.0-219.0.0.118.oe2203sp4.src.rpm"],"x86_64":["bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm","python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1864"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38540"}],"database_specific":{"severity":"Medium"}}