CVE-2024-53064

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
19/11/2024
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix idpf_vc_core_init error path

In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset is done, it tries to build the resources back. At this time if the device control plane is not yet started, then the driver timeouts on the virtchnl message and retries to establish the mailbox again.

In the retry flow, mailbox is deinitialized but the mailbox workqueue is still alive and polling for the mailbox message. This results in accessing the released control queue leading to null-ptr-deref. Fix it by unrolling the work queue cancellation and mailbox deinitialization in the reverse order which they got initialized.
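The ordering problem described above, as an added single-threaded model in C. It is not code from the idpf driver or the upstream fix; every name in it (adapter, ctlq, poll_tick, simulate_retry) is hypothetical, and poll_tick() stands in for the mailbox work running between the two teardown steps.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed single-threaded model; all names are hypothetical, not idpf's. */
struct ctlq { int pending; };
struct adapter {
    struct ctlq *mbx;     /* control queue, created first */
    bool work_armed;      /* mailbox polling work, armed second */
    int stale_polls;      /* polls that found the queue already released */
};

static int core_init(struct adapter *a)
{
    a->mbx = calloc(1, sizeof(*a->mbx));  /* step 1: mailbox */
    if (!a->mbx)
        return -1;
    a->work_armed = true;                 /* step 2: polling work */
    return 0;
}

/* One run of the polling work. The model counts a stale access where a
 * real work item would dereference the released queue. */
static void poll_tick(struct adapter *a)
{
    if (!a->work_armed)
        return;
    if (!a->mbx)
        a->stale_polls++;
    else
        a->mbx->pending = 0;
}

static void mbx_deinit(struct adapter *a) { free(a->mbx); a->mbx = NULL; }
static void cancel_work(struct adapter *a) { a->work_armed = false; }
/* Retry-path teardown; poll_tick() after each step stands in for the
 * work item being scheduled between the two teardown calls. */
int simulate_retry(bool reverse_order)
{
    struct adapter a = {0};
    if (core_init(&a))
        return -1;
    if (reverse_order) {          /* undo step 2, then step 1 */
        cancel_work(&a); poll_tick(&a);
        mbx_deinit(&a);  poll_tick(&a);
    } else {                      /* queue released while work is armed */
        mbx_deinit(&a);  poll_tick(&a);
        cancel_work(&a); poll_tick(&a);
    }
    return a.stale_polls;
}
```

simulate_retry(false) reports one poll against a released queue, the point at which the description's null-ptr-deref occurs; simulate_retry(true) reports none.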

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*