QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-50296

Back to search

CVE-2024-50296

Published: Nov 19, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released during the first invoking. Therefore, the problem occurs: [15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... [15278.131557][T50670] Call trace: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80 [15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_disable+0x50/0x11c [15278.166829][T50670] pci_disable_sriov+0x24/0x30 [15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invoke_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 For details, see the following figure. rmmod hclge disable VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() if !num_VFs : if !num_VFs : return; return; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); In this patch, when driver is removing, we get the device_lock() to protect num_VFs, just like sriov_numvfs_store().

VendorProductVersions

Linux

Linux

affected
b06ad258e01389ca3ff13bc180f3fcd6a608f1cd - < a0df055775f30850c0da8f7dab40d67c0fd63908
affected
c4b64011e458aa2b246cd4e42012cfd83d2d9a5c - < 7ae4e56de7dbd0999578246a536cf52a63f4056d
affected
d36b15e3e7b5937cb1f6ac590a85facc3a320642 - < 590a4b2d4e0b73586e88bce9b8135b593355ec09
affected
0dd8a25f355b4df2d41c08df1716340854c7d4c5 - < e36482b222e00cc7aeeea772fc0cf2943590bc4d
affected
0dd8a25f355b4df2d41c08df1716340854c7d4c5 - < 76b155e14d9b182ce83d32ada2d0d7219ea8c8dd

+8 more versions

Linux

Linux

affected
5.15
unaffected
0 - < 5.15
unaffected
4.19.324 - <= 4.19.*
unaffected
5.4.286 - <= 5.4.*
unaffected
5.10.230 - <= 5.10.*

+5 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now