PT-2024-26844 · Linux+9 · Linux Kernel+9
Published: 2024-04-22 · Updated: 2025-09-29
CVE-2024-36007
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The Linux kernel has a vulnerability in the mlxsw spectrum acl tcam module. The rehash delayed work migrates filters from one region to another by iterating over all chunks and filters. When the work runs out of credits, it stores the current chunk and entry as markers, but upon error, the chunk marker is reset to NULL without resetting the entry markers. This can lead to migration being resumed from an entry that does not belong to the chunk being migrated, resulting in warnings. The fix involves creating a helper to reset all markers and calling it from all places that currently only reset the chunk marker.
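The marker handling described above can be modelled in user space. The following is an added example, not code from the kernel or from this advisory; the struct, field and function names are hypothetical, and the second entry marker is an assumption based on the description's plural "entry markers".

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model; every name here is illustrative, not kernel code. */
struct chunk;
struct entry { struct chunk *owner; };
struct chunk { struct entry entries[4]; };

struct rehash_ctx {
    struct chunk *current_chunk; /* chunk marker */
    struct entry *start_entry;   /* entry marker: where migration resumes */
    struct entry *stop_entry;    /* entry marker: assumed second marker */
};

/* Error path before the fix: only the chunk marker is cleared. */
static void reset_chunk_only(struct rehash_ctx *ctx)
{
    ctx->current_chunk = NULL;
}

/* Helper in the spirit of the fix: all markers are cleared together. */
static void reset_all_markers(struct rehash_ctx *ctx)
{
    ctx->current_chunk = NULL;
    ctx->start_entry = NULL;
    ctx->stop_entry = NULL;
}

/* True if work on chunk c would resume from an entry owned by another chunk. */
static bool resumes_from_foreign_entry(const struct rehash_ctx *ctx, const struct chunk *c)
{
    return ctx->start_entry != NULL && ctx->start_entry->owner != c;
}

/* Credits run out inside chunk a, an error follows, work restarts on chunk b. */
static bool scenario(void (*reset)(struct rehash_ctx *))
{
    struct chunk a, b;
    struct rehash_ctx ctx = {0};
    for (size_t i = 0; i < 4; i++) {
        a.entries[i].owner = &a;
        b.entries[i].owner = &b;
    }
    ctx.current_chunk = &a;          /* markers saved when credits ran out */
    ctx.start_entry = &a.entries[2];
    reset(&ctx);                     /* error path */
    return resumes_from_foreign_entry(&ctx, &b);
}

int main(void) { return (scenario(reset_chunk_only) && !scenario(reset_all_markers)) ? 0 : 1; }
```

With the chunk-only reset, the stale entry marker survives the error and points into a chunk other than the one being migrated; resetting all markers together removes that state.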
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider disabling the mlxsw spectrum acl tcam module as a temporary workaround to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu