{"id":"CVE-2024-26858","summary":"net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map\n\nJust simply reordering the functions mlx5e_ptp_metadata_map_put and\nmlx5e_ptpsq_track_metadata in the mlx5e_txwqe_complete context is not good\nenough since both the compiler and CPU are free to reorder these two\nfunctions. If reordering does occur, the issue that was supposedly fixed by\n7e3f3ba97e6c (\"net/mlx5e: Track xmit submission to PTP WQ after populating\nmetadata map\") will be seen. This will lead to NULL pointer dereferences in\nmlx5e_ptpsq_mark_ts_cqes_undelivered in the NAPI polling context due to the\ntracking list being populated before the metadata map.","modified":"2026-03-20T12:35:16.153023Z","published":"2024-04-17T10:17:19.757Z","related":["ALSA-2024:4583","SUSE-SU-2024:2135-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20249-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26858.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/936ef086161ab89a7f38f7a0761d6a3063c3277e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b7cf07586c40f926063d4d09f7de28ff82f62b2a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1f71615dbb305f14f3b756cce015d70d8667549"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26858.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26858"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4d510506b46504664eacf8a44a9e8f3e54c137b8"},{"fixed":"d1f71615dbb305f14f3b756cce015d70d8667549"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167"},{"fixed":"936ef086161ab89a7f38f7a0761d6a3063c3277e"},{"fixed":"b7cf07586c40f926063d4d09f7de28ff82f62b2a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"a9d6c0c5a6bd9ca88e964f8843ea41bc085de866"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26858.json"}}],"schema_version":"1.7.5"}