CVE-2024-56717
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56717 is a vulnerability affecting the Linux kernel's net:mscc:ocelot component. An incorrect call in the ocelot_ifh_set_basic() function sets the SRC_PORT field incorrectly. This field should hold the CPU port module index, but the commit that introduced the code copied the function call incorrectly, so BIT_ULL(x) is used instead of the expected port index. The error was previously silent and produced no noticeable symptoms. Recent changes in the packing library turned it into a loud failure, with errors such as "Cannot store 0x40 inside bits 46-43 - will truncate" and "spi2.0: xmit timed out." The vulnerability impacts the ocelot switchdev driver and the felix secondary DSA tag protocol (ocelot-8021q). The root cause is a copy-paste error, and the actual issue lies in the original commit, so the suggested solution is to fix the original commit rather than blame the packing library.
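The following added example (not kernel code and not taken from the fix) shows why the value in the error message cannot fit: bits 46-43 are a 4-bit field, so the bitmask BIT_ULL(6) = 0x40 is rejected while the plain index 6 packs cleanly. The helper names and the port index 6 are assumptions, with 6 chosen because 0x40 equals BIT_ULL(6); only the bit range and 0x40 come from the message quoted above.

```c
#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n)  (1ULL << (n))
#define SRC_PORT_HI 46 /* bit range quoted in the error message */
#define SRC_PORT_LO 43

/* Mask covering the low (hi - lo + 1) bits. */
static uint64_t field_mask(unsigned hi, unsigned lo)
{
    unsigned width = hi - lo + 1;
    return width >= 64 ? UINT64_MAX : BIT_ULL(width) - 1;
}

/* Hypothetical checked packer (not the kernel's packing API):
 * stores val in bits [hi:lo], or returns -1 if it does not fit. */
static int pack_field(uint64_t *word, unsigned hi, unsigned lo, uint64_t val)
{
    uint64_t mask;

    if (hi > 63 || lo > hi)
        return -1;
    mask = field_mask(hi, lo);
    if (val > mask)
        return -1; /* would truncate: refuse instead of writing */
    *word = (*word & ~(mask << lo)) | (val << lo);
    return 0;
}

/* Read bits [hi:lo] back out of the word. */
static uint64_t unpack_field(uint64_t word, unsigned hi, unsigned lo)
{
    return (word >> lo) & field_mask(hi, lo);
}

/* What is left of an oversized value if it is simply masked to the field. */
static uint64_t truncate_to_field(uint64_t val, unsigned hi, unsigned lo)
{
    return val & field_mask(hi, lo);
}

int main(void)
{
    unsigned cpu = 6; /* constructed sample index */
    uint64_t ifh = 0;
    printf("BIT_ULL(%u): rc=%d\n", cpu, pack_field(&ifh, SRC_PORT_HI, SRC_PORT_LO, BIT_ULL(cpu)));
    printf("index %u: rc=%d\n", cpu, pack_field(&ifh, SRC_PORT_HI, SRC_PORT_LO, cpu));
    printf("masked: %llu\n", (unsigned long long)truncate_to_field(BIT_ULL(cpu), SRC_PORT_HI, SRC_PORT_LO));
    return 0;
}
```

Masking 0x40 to four bits leaves 0, which is why a packer that only truncates would give no visible sign that the wrong argument was passed.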
Affected Products
- Linux Kernel
Affected Vendors
- LINUX