CVE-2023-54156

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sfc: fix crash when reading stats while NIC is resetting<br /> <br /> efx_net_stats() (.ndo_get_stats64) can be called during an ethtool<br /> selftest, during which time nic_data-&gt;mc_stats is NULL as the NIC has<br /> been fini&amp;#39;d. In this case do not attempt to fetch the latest stats<br /> from the hardware, else we will crash on a NULL dereference:<br /> BUG: kernel NULL pointer dereference, address: 0000000000000038<br /> RIP efx_nic_update_stats<br /> abridged calltrace:<br /> efx_ef10_update_stats_pf<br /> efx_net_stats<br /> dev_get_stats<br /> dev_seq_printf_stats<br /> Skipping the read is safe, we will simply give out stale stats.<br /> To ensure that the free in efx_ef10_fini_nic() does not race against<br /> efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the<br /> efx-&gt;stats_lock in fini_nic (it is already held across update_stats).