CVE-2024-35958

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2024
Last modified: 12/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ena: Fix incorrect descriptor free behavior

ENA has two types of TX queues:
- queues which only process TX packets arriving from the network stack
- queues which only process TX packets forwarded to it by XDP_REDIRECT
  or XDP_TX instructions

The ena_free_tx_bufs() cycles through all descriptors in a TX queue
and unmaps + frees every descriptor that hasn't been acknowledged yet
by the device (uncompleted TX transactions).
The function assumes that the processed TX queue is necessarily from
the first category listed above and ends up using napi_consume_skb()
for descriptors belonging to an XDP specific queue.

This patch solves a bug in which, in case of a VF reset, the
descriptors aren't freed correctly, leading to crashes.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.6 (including) 5.10.216 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.156 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.87 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.28 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
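
The following triage helper is an added example, not part of the advisory or of the kernel project: it checks a `uname -r` style release string against the upstream version ranges in the table above. The function names and the handling of release candidates outside 6.9 are assumptions; distribution kernels backport fixes and renumber releases, so a match is a prompt to check the vendor advisory, not proof of exposure.

```python
import platform
import re

# Upstream ranges copied from the CPE table: (from, inclusive), (up to, exclusive).
AFFECTED_RANGES = [
    ((5, 6, 0), (5, 10, 216)),
    ((5, 11, 0), (5, 15, 156)),
    ((5, 16, 0), (6, 1, 87)),
    ((6, 2, 0), (6, 6, 28)),
    ((6, 7, 0), (6, 8, 7)),
]
# 6.9 release candidates listed individually in the table: (major, minor, rc).
AFFECTED_RCS = {(6, 9, 1), (6, 9, 2), (6, 9, 3)}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a kernel release string into ((major, minor, patch), rc or None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_affected_range(release):
    """True if the upstream version in `release` falls in a range from the table."""
    version, rc = parse_release(release)
    if rc is not None:
        if (version[0], version[1], rc) in AFFECTED_RCS:
            return True
        # Assumption: an rc precedes its final release, so for an rc the
        # lower bound of a range is treated as exclusive.
        return any(lo < version < hi for lo, hi in AFFECTED_RANGES)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    running = platform.release()
    verdict = "inside" if in_affected_range(running) else "outside"
    print(f"{running}: {verdict} the upstream ranges listed for CVE-2024-35958")
```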