PT-2024-3848 · Linux+9 · Linux Kernel+9

Published: 2024-04-24 · Updated: 2025-09-29 · CVE-2024-35854

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

The issue is related to a possible use-after-free during rehash in the mlxsw spectrum_acl_tcam module. The rehash delayed work migrates filters from one region to another according to the number of available credits. However, the assumption that a non-negative number of credits indicates migration being complete is incorrect, as it can also result from a failed migration. This can lead to the destruction of a region that still has filters referencing it, resulting in a use-after-free. The fix is to not destroy the region if migration failed.
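
The flawed completion check described above, as an added illustration that is not the kernel's code: a simplified user-space C model in which the struct, the function names and the `fail_after` parameter are all hypothetical. It shows how non-negative credits after a failed migration lead to destroying a region that filters still reference, and how checking the migration error avoids that.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct region { int filters; bool destroyed; };

/* Move filters from old to new, one credit each. fail_after >= 0 simulates
 * a migration error once that many filters have moved (-1: never fail). */
static int migrate(struct region *old, struct region *new_region,
                   int *credits, int fail_after)
{
    int moved = 0;
    while (old->filters > 0) {
        if (moved == fail_after)
            return -1;          /* failed; credits can still be >= 0 */
        if (--(*credits) < 0)
            return 0;           /* out of credits; resume on next run */
        old->filters--;
        new_region->filters++;
        moved++;
    }
    return 0;
}

/* Returns true if the old region was destroyed while filters still
 * referenced it, i.e. the use-after-free precondition. */
static bool rehash(struct region *old, struct region *new_region,
                   int credits, int fail_after, bool check_err)
{
    int err = migrate(old, new_region, &credits, fail_after);
    if (check_err && err)
        return false;           /* fixed: keep the region after a failure */
    if (credits >= 0)           /* flawed "migration complete" test */
        old->destroyed = true;
    return old->destroyed && old->filters > 0;
}

static bool run_case(int filters, int credits, int fail_after, bool check_err)
{
    struct region old = { filters, false }, new_region = { 0, false };
    return rehash(&old, &new_region, credits, fail_after, check_err);
}

int main(void)
{
    printf("unchecked: dangling=%d\n", run_case(5, 10, 2, false));
    printf("checked:   dangling=%d\n", run_case(5, 10, 2, true));
    return 0;
}
```
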

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the `mlxsw_sp_acl_tcam_vregion_rehash_work` function until a patch is available. Restrict access to the vulnerable module `mlxsw_sp_acl_tcam` to minimize the risk of exploitation. Avoid using the `mlxsw_sp_acl_ctcam_region_entry_remove` function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:4211
ALSA-2024:4352
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
AZL-42100
BDU:2024-04228
CESA-2024_4211
CESA-2024_4352
CVE-2024-35854
DLA-3842-1
INFSA-2024_4211
INFSA-2024_4352
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1706
OESA-2024-1707
OPENSUSE-SU-2024_2947-1
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024:9315
RHSA-2024_4211
RHSA-2024_4352
RHSA-2024_9315
RHSA-2025:3215
RLSA-2024:4211
RLSA-2024:4352
RXSA-2024:4211
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1
USN-7019-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu