CVE-2024-35853

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description A memory leak vulnerability has been identified in the Linux kernel, specifically in the mlxsw spectrum acl tcam component. This issue occurs during the rehash process, where filters are migrated from one region to another. If the migration fails, the code attempts to roll back to the previous region, but this rollback can also fail, leading to a memory leak. The vulnerability is caused by the assumption that the backup chunk does not exist if the currently used chunk does not reference the target region, which breaks when rolling back a rollback. This results in the backup chunk being overwritten and leaked.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the mlxsw sp acl tcam vregion rehash work function until a patch is available. Restrict access to the vulnerable mlxsw module to minimize the risk of exploitation. Avoid using the vchunk->chunk and vchunk->chunk2 variables in the affected API endpoints until the issue is resolved.