{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35975", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.143Z", "datePublished": "2024-05-20T09:42:01.758Z", "dateUpdated": "2024-12-19T08:59:26.993Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:26.993Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix transmit scheduler resource leak\n\nInorder to support shaping and scheduling, Upon class creation\nNetdev driver allocates trasmit schedulers.\n\nThe previous patch which added support for Round robin scheduling has\na bug due to which driver is not freeing transmit schedulers post\nclass deletion.\n\nThis patch fixes the same."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/qos.c"], "versions": [{"version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "7af5582ea67209a23e44be9a9612ba7897be1f47", "status": "affected", "versionType": "git"}, {"version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "b34fe77a1b18654233e4e54b334fcaeddf487100", "status": "affected", "versionType": "git"}, {"version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "bccb798e07f8bb8b91212fe8ed1e421685449076", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/qos.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.28", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.7", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"}, {"url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"}, {"url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"}], "title": "octeontx2-pf: Fix transmit scheduler resource leak", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:18:47.313061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:26.403Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.986Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.986Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:18:47.313061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:18:51.020Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "octeontx2-pf: Fix transmit scheduler resource leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "7af5582ea67209a23e44be9a9612ba7897be1f47", "versionType": "git"}, {"status": "affected", "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "b34fe77a1b18654233e4e54b334fcaeddf487100", "versionType": "git"}, {"status": "affected", "version": "47a9656f168a4b76a1e069ed8a67924ea8c1ac43", "lessThan": "bccb798e07f8bb8b91212fe8ed1e421685449076", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/qos.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.28", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.7", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/qos.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"}, {"url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"}, {"url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix transmit scheduler resource leak\n\nInorder to support shaping and scheduling, Upon class creation\nNetdev driver allocates trasmit schedulers.\n\nThe previous patch which added support for Round robin scheduling has\na bug due to which driver is not freeing transmit schedulers post\nclass deletion.\n\nThis patch fixes the same."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:26.993Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35975", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:59:26.993Z", "dateReserved": "2024-05-17T13:50:33.143Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:42:01.758Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54CE4EE1-C720-47E5-B190-A9E343A08775", "versionEndExcluding": "6.6.28", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "531BDFB5-EF6A-4707-902E-146368303499", "versionEndExcluding": "6.8.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix transmit scheduler resource leak\n\nInorder to support shaping and scheduling, Upon class creation\nNetdev driver allocates trasmit schedulers.\n\nThe previous patch which added support for Round robin scheduling has\na bug due to which driver is not freeing transmit schedulers post\nclass deletion.\n\nThis patch fixes the same."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: octeontx2-pf: corrige la fuga de recursos del programador de transmisi\u00f3n. Para admitir la configuraci\u00f3n y la programaci\u00f3n, al crear la clase, el controlador Netdev asigna programadores de transmisi\u00f3n. El parche anterior que agreg\u00f3 soporte para la programaci\u00f3n por turnos tiene un error debido a que el controlador no libera los programadores de transmisi\u00f3n despu\u00e9s de la eliminaci\u00f3n de la clase. Este parche soluciona lo mismo."}], "id": "CVE-2024-35975", "lastModified": "2025-01-14T16:38:39.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-20T10:15:12.210", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7af5582ea67209a23e44be9a9612ba7897be1f47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b34fe77a1b18654233e4e54b334fcaeddf487100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bccb798e07f8bb8b91212fe8ed1e421685449076"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: octeontx2-pf: Fix transmit scheduler resource leak", "id": "2281887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281887"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nocteontx2-pf: Fix transmit scheduler resource leak\nInorder to support shaping and scheduling, Upon class creation\nNetdev driver allocates trasmit schedulers.\nThe previous patch which added support for Round robin scheduling has\na bug due to which driver is not freeing transmit schedulers post\nclass deletion.\nThis patch fixes the same.", "A flaw was found in the rvu_nicvf module in the Linux kernel. A resource leak can occur due to an improper release of the transmit schedulers, potentially impacting system performance and resulting in a denial of service."], "name": "CVE-2024-35975", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35975\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35975\nhttps://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-35975-1696@gregkh/T"], "statement": "The rvu_nicvf module in the Linux kernel as shipped in Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of the Linux kernel.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.28, kernel 6.8.7, kernel 6.9"}