Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:net: mvpp2: Prevent parser TCAM memory corruptionProtect the parser TCAM/SRAM memory, and the cached (shadow) SRAMinformation, from concurrent modifications.Both the TCAM and SRAM tables are indirectly accessed by configuringan index register that selects the row to read or write to. This meansthat operations must be atomic in order to, e.g., avoid spreadingwrites across multiple rows. Since the shadow SRAM array is used tofind free rows in the hardware table, it must also be protected inorder to avoid TOCTOU errors where multiple cores allocate the samerow.This issue was detected in a situation where `mvpp2_set_rx_mode()` ranconcurrently on two CPUs. In this particular case theMVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing theclassifier unit to drop all incoming unicast - indicated by the`rx_classifier_drops` counter.
No PoCs from references.
- https://github.com/w4zu/Debian_security