CVE-2024-44964

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/09/2024
Last modified: 06/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix memory leaks and crashes while performing a soft reset

The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializing the structures. This is because all queue allocation functions are performed here with the new temporary vport structure and those functions rewrite the backpointers to the vport. Then, this new struct is freed and the pointers start leading to nowhere.

But generally speaking, the current logic is very fragile. It claims to be more reliable when the system is low on memory, but in fact, it consumes two times more memory as at the moment of running this function, there are two vports allocated with their queues and vectors. Moreover, it claims to prevent the driver from running into "bad state", but in fact, any error during the rebuild leaves the old vport in the partially allocated state. Finally, if the interface is down when the function is called, it always allocates a new queue set, but when the user decides to enable the interface later on, vport_open() allocates them once again, IOW there's a clear memory leak here.

Just don't allocate a new queue set when performing a reset, that solves crashes and memory leaks. Re-add the old queue number and reopen the interface on rollback - that solves limbo states when the device is left disabled and/or without HW queues enabled.

Vulnerable products and versions

CPE                                                   From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*          6.7 (including)   6.10.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*     -                 -
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*     -                 -