5.5

CVE-2023-53079

net/mlx5: Fix steering rules cleanup

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix steering rules cleanup

vport's mc, uc and multicast rules are not deleted in teardown path when
EEH happens. Since the vport's promisc settings(uc, mc and all) in
firmware are reset after EEH, mlx5 driver will try to delete the above
rules in the initialization path. This cause kernel crash because these
software rules are no longer valid.

Fix by nullifying these rules right after delete to avoid accessing any dangling
pointers.

Call Trace:
__list_del_entry_valid+0xcc/0x100 (unreliable)
tree_put_node+0xf4/0x1b0 [mlx5_core]
tree_remove_node+0x30/0x70 [mlx5_core]
mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]
esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]
esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]
esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]
esw_enable_vport+0x130/0x260 [mlx5_core]
mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]
mlx5_device_enable_sriov+0x74/0x440 [mlx5_core]
mlx5_load_one+0x114c/0x1550 [mlx5_core]
mlx5_pci_resume+0x68/0xf0 [mlx5_core]
eeh_report_resume+0x1a4/0x230
eeh_pe_dev_traverse+0x98/0x170
eeh_handle_normal_event+0x3e4/0x640
eeh_handle_event+0x4c/0x370
eeh_event_handler+0x14c/0x210
kthread+0x168/0x1b0
ret_from_kernel_thread+0x5c/0x84
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.7 < 5.10.177
LinuxLinux Kernel Version >= 5.11 < 5.15.105
LinuxLinux Kernel Version >= 5.16 < 6.1.22
LinuxLinux Kernel Version >= 6.2 < 6.2.9
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
LinuxLinux Kernel Version6.3 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.081
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/18cead61e437f4c7898acca0a5f3df12f801d97f
Patch
https://git.kernel.org/stable/c/4df1f2d36bdc9a368650bf14b9097c555e95f71d
Patch
https://git.kernel.org/stable/c/63546395a0e6ac264f78f65218086ce6014b4494
Patch
https://git.kernel.org/stable/c/6f5780536181d1d0d09a11a1bc92f22e143447e2
Patch
https://git.kernel.org/stable/c/922f56e9a795d6f3dd72d3428ebdd7ee040fa855
Patch