{"id":"CVE-2024-56717","summary":"net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()\n\nPackets injected by the CPU should have a SRC_PORT field equal to the\nCPU port module index in the Analyzer block (ocelot-\u003enum_phys_ports).\n\nThe blamed commit copied the ocelot_ifh_set_basic() call incorrectly\nfrom ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling\nwith \"x\", it calls with BIT_ULL(x), but the field is not a port mask,\nbut rather a single port index.\n\n[ side note: this is the technical debt of code duplication :( ]\n\nThe error used to be silent and doesn't appear to have other\nuser-visible manifestations, but with new changes in the packing\nlibrary, it now fails loudly as follows:\n\n------------[ cut here ]------------\nCannot store 0x40 inside bits 46-43 - will truncate\nsja1105 spi2.0: xmit timed out\nWARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198\nsja1105 spi2.0: timed out polling for tstamp\nCPU: 1 UID: 0 PID: 102 Comm: felix_xmit\nTainted: G        W        N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605\nCall trace:\n __pack+0x90/0x198 (P)\n __pack+0x90/0x198 (L)\n packing+0x78/0x98\n ocelot_ifh_set_basic+0x260/0x368\n ocelot_port_inject_frame+0xa8/0x250\n felix_port_deferred_xmit+0x14c/0x258\n kthread_worker_fn+0x134/0x350\n kthread+0x114/0x138\n\nThe code path pertains to the ocelot switchdev driver and to the felix\nsecondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q.\n\nThe messenger (packing) is not really to blame, so fix the original\ncommit instead.","modified":"2026-04-16T04:37:27.814222070Z","published":"2024-12-29T08:48:49.958Z","related":["USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56717.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2d5df3a680ffdaf606baa10636bdb1daf757832e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f3c62ffe88116cd2a39cd73e01103535599970f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/59c4ca8d8d7918eb6e2df91d2c254827264be309"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8836eae3288c351acd3b2743d2fad2a4ee2bd56"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56717.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56717"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"06bcb9032e05ad717f9fd0a6e2fd3ae7f430fa31"},{"fixed":"59c4ca8d8d7918eb6e2df91d2c254827264be309"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ff7f554bbd75d5cbf00cded81d05147c6617e876"},{"fixed":"2f3c62ffe88116cd2a39cd73e01103535599970f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e1b9e80236c540fa85d76e2d510d1b38e1968c5d"},{"fixed":"a8836eae3288c351acd3b2743d2fad2a4ee2bd56"},{"fixed":"2d5df3a680ffdaf606baa10636bdb1daf757832e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"be3a532167dd562ec38900c846e7ae6cc39aa2f1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56717.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}