CVE-2022-50498

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> eth: alx: take rtnl_lock on resume<br /> <br /> Zbynek reports that alx trips an rtnl assertion on resume:<br /> <br /> RTNL: assertion failed at net/core/dev.c (2891)<br /> RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0<br /> Call Trace:<br /> <br /> __alx_open+0x230/0x570 [alx]<br /> alx_resume+0x54/0x80 [alx]<br /> ? pci_legacy_resume+0x80/0x80<br /> dpm_run_callback+0x4a/0x150<br /> device_resume+0x8b/0x190<br /> async_resume+0x19/0x30<br /> async_run_entry_fn+0x30/0x130<br /> process_one_work+0x1e5/0x3b0<br /> <br /> indeed the driver does not hold rtnl_lock during its internal close<br /> and re-open functions during suspend/resume. Note that this is not<br /> a huge bug as the driver implements its own locking, and does not<br /> implement changing the number of queues, but we need to silence<br /> the splat.