CVE-2023-53079
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2025
Last modified:
05/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net/mlx5: Fix steering rules cleanup<br />
<br />
vport&#39;s mc, uc and multicast rules are not deleted in teardown path when<br />
EEH happens. Since the vport&#39;s promisc settings(uc, mc and all) in<br />
firmware are reset after EEH, mlx5 driver will try to delete the above<br />
rules in the initialization path. This cause kernel crash because these<br />
software rules are no longer valid.<br />
<br />
Fix by nullifying these rules right after delete to avoid accessing any dangling<br />
pointers.<br />
<br />
Call Trace:<br />
__list_del_entry_valid+0xcc/0x100 (unreliable)<br />
tree_put_node+0xf4/0x1b0 [mlx5_core]<br />
tree_remove_node+0x30/0x70 [mlx5_core]<br />
mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]<br />
esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]<br />
esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]<br />
esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]<br />
esw_enable_vport+0x130/0x260 [mlx5_core]<br />
mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]<br />
mlx5_device_enable_sriov+0x74/0x440 [mlx5_core]<br />
mlx5_load_one+0x114c/0x1550 [mlx5_core]<br />
mlx5_pci_resume+0x68/0xf0 [mlx5_core]<br />
eeh_report_resume+0x1a4/0x230<br />
eeh_pe_dev_traverse+0x98/0x170<br />
eeh_handle_normal_event+0x3e4/0x640<br />
eeh_handle_event+0x4c/0x370<br />
eeh_event_handler+0x14c/0x210<br />
kthread+0x168/0x1b0<br />
ret_from_kernel_thread+0x5c/0x84
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/18cead61e437f4c7898acca0a5f3df12f801d97f
- https://git.kernel.org/stable/c/4df1f2d36bdc9a368650bf14b9097c555e95f71d
- https://git.kernel.org/stable/c/63546395a0e6ac264f78f65218086ce6014b4494
- https://git.kernel.org/stable/c/6f5780536181d1d0d09a11a1bc92f22e143447e2
- https://git.kernel.org/stable/c/922f56e9a795d6f3dd72d3428ebdd7ee040fa855