CVE-2024-44932

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 26/08/2024
Last modified: 27/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix UAFs when destroying the queues

The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with embedded NAPIs *before* freeing the queues, making page_pools' NAPI pointers lead to freed memory before these pools are destroyed by libeth. It's not clear whether there are other accesses to the freed vectors when destroying the queues, but anyway, we usually free queue/interrupt vectors only when the queues are destroyed and the NAPIs are guaranteed to not be referenced anywhere.

Invert the allocation and freeing logic, making queue/interrupt vectors be allocated first and freed last. Vectors don't require queues to be present, so this is safe. Additionally, this change allows removing that useless queue->q_vector pointer cleanup, as vectors are still valid when freeing the queues (+ both are freed within one function, so it's not clear why nullify the pointers at all).
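The teardown-ordering defect described above, as an added userspace C model that is not kernel code and not part of this advisory: every struct and function name is hypothetical, the NAPI lives inside the vector as in idpf, each queue's page pool keeps a pointer to that NAPI, and "freeing" a vector is modelled by a flag so the dangling access is detected rather than being undefined behaviour.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical model of the idpf teardown order; not the kernel's real types. */
struct napi      { bool freed; };
struct q_vector  { struct napi napi; };       /* NAPI is embedded in the vector */
struct page_pool { struct napi *napi; };      /* pool keeps a pointer to that NAPI */
struct queue     { struct page_pool pool; struct q_vector *q_vector; };
struct adapter   { struct q_vector *vectors; struct queue *queues; int n; };

/* Stands in for page_pool_disable_direct_recycling(): it dereferences the
 * pool's NAPI pointer. Returns -1 when that NAPI was already freed, which is
 * the use-after-free the advisory describes. */
static int page_pool_destroy_model(struct page_pool *pp) {
    if (pp->napi->freed) return -1;
    pp->napi = NULL;
    return 0;
}

static void free_vectors_model(struct adapter *a) {
    for (int i = 0; i < a->n; i++) a->vectors[i].napi.freed = true; /* stand-in for kfree */
}

static int destroy_queues_model(struct adapter *a) {
    int rc = 0;
    for (int i = 0; i < a->n; i++)
        if (page_pool_destroy_model(&a->queues[i].pool) != 0) rc = -1;
    return rc;
}

/* Vectors are allocated first and queues point into them (calloc zeroes freed). */
static void setup_model(struct adapter *a, int n) {
    a->n = n;
    a->vectors = calloc((size_t)n, sizeof *a->vectors);
    a->queues  = calloc((size_t)n, sizeof *a->queues);
    for (int i = 0; i < n; i++) {
        a->queues[i].q_vector  = &a->vectors[i];
        a->queues[i].pool.napi = &a->vectors[i].napi;
    }
}

static void release_model(struct adapter *a) { free(a->vectors); free(a->queues); }

/* Pre-fix order: vectors freed before queues, so pools see a dead NAPI (-1). */
int teardown_before_fix(int n) {
    struct adapter a; setup_model(&a, n);
    free_vectors_model(&a);
    int rc = destroy_queues_model(&a);
    release_model(&a); return rc;
}

/* Fixed order: queues and their pools are destroyed first, vectors freed last (0). */
int teardown_after_fix(int n) {
    struct adapter a; setup_model(&a, n);
    int rc = destroy_queues_model(&a);
    free_vectors_model(&a);
    release_model(&a); return rc;
}
```

The same invariant is what a reviewer should check in any driver teardown path: an object that embeds a NAPI (or anything another object points at) must outlive every object holding that pointer.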

Vulnerable products and versions

CPE                                                | From            | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       | 6.7 (including) | 6.10.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*  |                 |
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*  |                 |