PT-2024-26843 · Linux+9 · Linux Kernel+9
Published: 2024-04-22 · Updated: 2025-09-29
CVE-2024-36006
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue arises from incorrect usage of the list API in the Linux kernel, specifically in the mlxsw spectrum_acl_tcam module. The functions that migrate chunks within a region and entries within a chunk call list_first_entry() on the respective lists without checking whether the lists are empty. This leads to a warning and can be resolved by returning if the lists are empty, as there is nothing to migrate in such cases. The vulnerability is related to the mlxsw_sp_acl_tcam_vchunk_migrate_all and mlxsw_sp_acl_tcam_vregion_rehash_work functions.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider temporarily disabling the mlxsw spectrum_acl_tcam module to minimize the risk of exploitation. However, this might affect the functionality of the affected systems, and updating the kernel as soon as possible is recommended for a permanent fix.
At the moment, there is no information about other workarounds or configuration changes that could mitigate this vulnerability without updating the kernel.
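The list API misuse from the description, as an added userspace C illustration (not kernel or mlxsw code): it shows what list_first_entry() yields on an empty list and what the empty check changes. The list helpers are a minimal reimplementation of the kernel primitives, and `struct chunk`, `struct region` and `probe()` are hypothetical names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal userspace copy of the kernel's circular list primitives. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_first_entry(head, type, member) container_of((head)->next, type, member)
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }

/* Hypothetical stand-ins for the driver's objects (not the mlxsw structs). */
struct chunk  { int id;  struct list_head node; };
struct region { int pad; struct list_head chunks; };

/* Unchecked: on an empty list head->next is the head itself, so the result
 * is container_of() applied to the head embedded in the region, not a chunk. */
static struct chunk *first_chunk_unchecked(struct region *r)
{
    return list_first_entry(&r->chunks, struct chunk, node);
}

/* Guarded, as the description says: empty list means nothing to migrate. */
static struct chunk *first_chunk_checked(struct region *r)
{
    if (list_empty(&r->chunks))
        return NULL;
    return list_first_entry(&r->chunks, struct chunk, node);
}

/* Probe a region holding n (0..2) chunks. Bit 0: the unchecked "entry"
 * aliases the list head. Bit 1: the guarded call returned NULL. */
int probe(int n)
{
    static struct chunk pool[2];
    struct region r;
    INIT_LIST_HEAD(&r.chunks);
    for (int i = 0; i < n && i < 2; i++)
        list_add_tail(&pool[i].node, &r.chunks);
    struct chunk *u = first_chunk_unchecked(&r);
    return (&u->node == &r.chunks) | ((first_chunk_checked(&r) == NULL) << 1);
}

int main(void)
{
    return printf("empty=%d two_chunks=%d\n", probe(0), probe(2)) < 0;
}
```

The unchecked call never returns NULL, so a caller cannot detect the empty case from the return value; the check has to happen before the call.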
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu