You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
mlxsw
About this tag
The mlxsw tag covers the Linux kernel driver for Mellanox/NVIDIA Spectrum switches, with a focus on security vulnerabilities and patches. Recent discussions highlight CVE-2024-42073, a memory-corruption bug in Spectrum-4 hardware affecting Azure Linux, and CVE-2024-35853 and CVE-2024-35854, which involve memory leaks and use-after-free flaws in the ACL TCAM rehash code. These issues can cause denial of service or system crashes. The content provides patch guidance and emphasizes the importance of updating affected systems. Operators of Mellanox-based networking gear will find practical information on identifying, understanding, and mitigating these kernel-level risks.
The Linux kernel flaw tracked as CVE‑2024‑42073 — a memory‑corruption bug in the Mellanox/NVIDIA mlxsw driver’s spectrum_buffers code that affects Spectrum‑4 hardware — is real, patched upstream, and important for operators of RDMA and Mellanox‑based networking gear; Microsoft’s public advisory...
A subtle defect in Mellanox's mlxsw Spectrum ACL TCAM code — tracked as CVE-2024-35853 — can leak kernel memory during the driver’s background “rehash” work, permitting attackers to gradually exhaust system resources and produce sustained or persistent denial-of-service conditions on affected...
A small timing bug in the Mellanox (mlxsw) Spectrum ACL TCAM code can let background rehash work destroy a region still referenced by active filter entries, producing a classic kernel use‑after‑free that leads to crashes and sustained denial of service — the flaw is tracked as CVE‑2024‑35854 and...