CVE-2024-50001 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix error path in multi-packet WQE transmit

Remove the erroneous unmap in case no DMA mapping was established

The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can't allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq's FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assume a rogue DMA access and e.g. on s390 puts the PCI function in error state.

The erroneous behavior was seen in a stress-test environment that created memory pressure.


Analysis

by VulDB Data Team • 03/22/2026

CVE-2024-50001 affects the Linux kernel's Mellanox ConnectX (mlx5) network driver, specifically its multi-packet Work Queue Element (WQE) transmit path. The flaw lies in the driver's DMA mapping error handling and can lead to system instability with potential security implications. It surfaces when the driver tries to establish DMA mappings for socket buffer (skb) data during packet transmission: when the mapping fails, the error path unmaps a DMA entry that this transmit attempt never mapped in the first place.

The root cause is the error path of the mlx5 driver's transmit code. When memory pressure or IOMMU driver limitations prevent allocation of additional page table entries, the DMA mapping attempt fails, and the code should clean up only the resources it actually allocated. Instead, the error path removes an entry from the send queue's (sq) FIFO list of active mappings even though the failed attempt never added one, so a still-valid DMA mapping belonging to an earlier packet is torn down. When the PCI function later presents that IOVA, the IOMMU treats the access as rogue DMA. The issue is classified under CWE-129, "Improper Validation of Array Index", and is mapped to ATT&CK technique T1059.001 for privilege escalation through kernel exploitation.

The operational impact goes beyond simple instability and can affect system integrity and availability. Under stress-test conditions that create memory pressure, the erroneous unmap can place the PCI function in an error state, particularly on s390, where the IOMMU is strict about DMA access validation. The result can be complete failure of the network interface, requiring a reboot or manual intervention to restore service. The condition is reachable through normal network traffic under memory-constrained conditions, which makes it hard to detect and prevent. Attackers could potentially use this weakness to cause denial of service against network services or to gain elevated privileges through kernel memory corruption, since the improper DMA mapping cleanup could corrupt kernel memory. Affected systems are those running kernel versions that include the mlx5 driver, particularly hosts with Mellanox network adapters and the IOMMU enabled. Organizations should apply kernel updates, review IOMMU parameters, and monitor for unusual PCI function error states.

The fix for CVE-2024-50001 changes the error handling so that DMA unmapping only happens for mappings that were actually established: the mapping result is checked before any cleanup, so no valid entry is removed from the active mapping list. This follows standard practice for kernel driver resource management, where every allocated resource is tracked and released only when it was really acquired. Administrators should prioritize the relevant kernel patches and watch for instability or PCI function errors that may indicate the condition is being hit.
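To make the error-path defect concrete, here is a constructed model of a send queue's DMA FIFO with the pre-fix and post-fix transmit paths side by side; it is an added illustration, not the mlx5 driver's code, and the `sq`, `dma_map` and `iommu_allows` helpers are simplified stand-ins for the real mapping and IOMMU machinery.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model of a send queue (sq) FIFO of active DMA mappings; this is
 * not the mlx5 driver's code. An IOVA counts as mapped while it is in the FIFO,
 * i.e. the NIC may still legitimately DMA to it. */
#define FIFO_SIZE 16
struct sq { unsigned long fifo[FIFO_SIZE]; int head; };

static void sq_init(struct sq *sq) { memset(sq, 0, sizeof(*sq)); }
static void sq_push(struct sq *sq, unsigned long iova) { if (sq->head < FIFO_SIZE) sq->fifo[sq->head++] = iova; }
/* Undo the most recent mapping: what an error path does after a partial map. */
static void sq_unmap_last(struct sq *sq) { if (sq->head > 0) sq->head--; }

/* The IOMMU accepts a device access only if the IOVA is still mapped (in the FIFO). */
static bool iommu_allows(const struct sq *sq, unsigned long iova)
{
    for (int i = 0; i < sq->head; i++)
        if (sq->fifo[i] == iova)
            return true;
    return false;
}

/* Hypothetical mapping attempt; `fail` models the IOMMU failing to allocate page tables. */
static bool dma_map(bool fail, unsigned long iova, unsigned long *out)
{
    if (fail) return false;
    *out = iova;
    return true;
}

/* Error path as the commit describes it: the failed map never pushed an entry,
 * so the unmap under err_unmap pops the previous packet's still-needed mapping. */
static int xmit_before_fix(struct sq *sq, bool map_fails, unsigned long iova)
{
    unsigned long mapped;
    if (!dma_map(map_fails, iova, &mapped))
        goto err_unmap;
    sq_push(sq, mapped);
    return 0;
err_unmap:
    sq_unmap_last(sq);
    return -1;
}

/* After the fix: nothing was established, so nothing is unmapped. */
static int xmit_after_fix(struct sq *sq, bool map_fails, unsigned long iova)
{
    unsigned long mapped;
    if (!dma_map(map_fails, iova, &mapped))
        return -1;
    sq_push(sq, mapped);
    return 0;
}
```

After a successful transmit followed by a failed one, the pre-fix path leaves the first packet's IOVA unmapped while the hardware may still use it, which is exactly the "rogue DMA" the IOMMU then reports.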

Responsible

Linux

Reservation

10/21/2024

Disclosure

10/21/2024

Moderation

accepted

CPE

ready

EPSS

0.00315

KEV

no

Activities

very low
