PT-2024-30738 · Linux+9 · Linux Kernel+9
Published: 2024-06-10 · Updated: 2025-09-29
CVE-2024-43880
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The vulnerability is in the mlxsw driver in the Linux kernel. The driver allows filters to share a single mask if their masks only differ in up to 8 consecutive bits, and it uses the "objagg" library to perform this mask aggregation. The library does not support nested objects, but the driver's object comparison function ignores the A-TCAM/C-TCAM indication, which can lead to nested objects and cause the library to return incorrect results. The issue can be reproduced in several minutes without the fix, but it does not reproduce in over an hour with the fix.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.50 or later. This version includes the fix for the mlxsw driver, which removes the object comparison function from both the driver and the library, ensuring that the lookup only returns exact matches.
Exploit
Fix
Memory Leak
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu