PT-2024-37029 · Linux+5 · Linux Kernel+5
Published: 2024-12-12 · Updated: 2026-05-26
CVE-2024-56717
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue relates to the kernel change "net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()". Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block. The error used to be silent but now fails loudly due to new changes in the packing library. The code path pertains to the ocelot switchdev driver and the felix secondary DSA tag protocol, ocelot-8021q.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the ocelot_ifh_set_basic() function until a patch is available. Restrict access to the vulnerable module net/dsa/tag_ocelot.c to minimize the risk of exploitation. Avoid using the BIT_ULL(x) function in the affected API endpoint until the issue is resolved.
Exploit
Fix
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu