{"vulnerability": "CVE-2024-50042", "sightings": [{"uuid": "bb7615c7-6b37-45ef-8611-519dafac0965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50042", "type": "seen", "source": "https://t.me/cvedetector/8560", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50042 - Integrity Canada Emotional: Linux ice MSI-X Array Realloc Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50042 \nPublished : Oct. 21, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nice: Fix increasing MSI-X on VF  \n  \nIncreasing MSI-X value on a VF leads to invalid memory operations. This  \nis caused by not reallocating some arrays.  \n  \nReproducer:  \n  modprobe ice  \n  echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe  \n  echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs  \n  echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count  \n  \nDefault MSI-X is 16, so 17 and above triggers this issue.  \n  \nKASAN reports:  \n  \n  BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]  \n  Read of size 8 at addr ffff8888b937d180 by task bash/28433  \n  (...)  \n  \n  Call Trace:  \n   (...)  \n   ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]  \n   kasan_report+0xed/0x120  \n   ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]  \n   ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]  \n   ice_vsi_cfg_def+0x3360/0x4770 [ice]  \n   ? mutex_unlock+0x83/0xd0  \n   ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]  \n   ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]  \n   ice_vsi_cfg+0x7f/0x3b0 [ice]  \n   ice_vf_reconfig_vsi+0x114/0x210 [ice]  \n   ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]  \n   sriov_vf_msix_count_store+0x21c/0x300  \n   (...)  \n  \n  Allocated by task 28201:  \n   (...)  
\n   ice_vsi_cfg_def+0x1c8e/0x4770 [ice]  \n   ice_vsi_cfg+0x7f/0x3b0 [ice]  \n   ice_vsi_setup+0x179/0xa30 [ice]  \n   ice_sriov_configure+0xcaa/0x1520 [ice]  \n   sriov_numvfs_store+0x212/0x390  \n   (...)  \n  \nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This  \ncauses the required arrays to be reallocated taking the new queue count  \ninto account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq  \nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue  \ncount.  \n  \nAdditionally, ice_vsi_rebuild() does not remove VSI filters  \n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer  \nnecessary. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T22:43:12.000000Z"}]}