CVE-2022-48884

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 21/08/2024
Last modified: 08/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix command stats access after free

Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in NULL pointer access as command stats structure is being freed and reallocated during mlx5 devlink reload (see kernel log below).

Fix it by making command stats statically allocated on driver probe.

Kernel log:
[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0
[ 2394.810610] PGD 0 P4D 0
[ 2394.811811] Oops: 0002 [#1] SMP NOPTI
...
[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0
...
[ 2394.829505] Call Trace:
[ 2394.830667] _raw_spin_lock_irq+0x23/0x26
[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]
[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]
[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]
[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]
[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0
[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100
[ 2394.838663] ? __rtnl_unlock+0x25/0x50
[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150
[ 2394.840862] duplex_show+0x6e/0xc0
[ 2394.841963] dev_attr_show+0x1c/0x40
[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100
[ 2394.844123] seq_read+0x153/0x410
[ 2394.845187] vfs_read+0x91/0x140
[ 2394.846226] ksys_read+0x4f/0xb0
[ 2394.847234] do_syscall_64+0x5b/0x1a0
[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca
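The lifetime problem described in the commit message above, as an added userspace C model: it is not mlx5 driver code, and every name in it (`cmd_stats`, `dev_dyn`, `dev_static`, `N_OPS`, the `reload_*` and `log_failure_*` functions) is hypothetical. It contrasts statistics kept behind a pointer that reload frees with statistics embedded in the device structure, which is the shape of the fix ("statically allocated on driver probe").

```c
#include <stdio.h>
#include <stdlib.h>

#define N_OPS 4   /* constructed: number of command opcodes tracked in this model */
struct cmd_stats { unsigned long failed; };

/* "Before" layout: stats sit behind a pointer that reload frees and reallocates. */
struct dev_dyn { struct cmd_stats *stats; };
/* "After" layout: stats are embedded and live as long as the device structure. */
struct dev_static { struct cmd_stats stats[N_OPS]; };

/* Error path of a failed command: 0 if the failure was counted, -1 where the
 * stats storage is gone. */
static int log_failure_dyn(struct dev_dyn *d, int op)
{
    if (!d->stats)   /* model only: stands in for the oops shown in the kernel log */
        return -1;
    d->stats[op].failed++;
    return 0;
}

static int log_failure_static(struct dev_static *d, int op)
{
    d->stats[op].failed++;
    return 0;
}

/* Reload where a command fails between teardown and re-initialisation. */
int reload_dyn(void)
{
    struct dev_dyn d = { calloc(N_OPS, sizeof(struct cmd_stats)) };
    if (!d.stats)
        return -2;                       /* allocation failure in the model itself */
    free(d.stats);
    d.stats = NULL;                      /* teardown half of the reload */
    return log_failure_dyn(&d, 1);       /* command fails before stats are reallocated */
}

int reload_static(void)
{
    struct dev_static d = {{{0}}};
    /* Teardown and re-init never touch d.stats, so the window does not exist. */
    return (log_failure_static(&d, 1) == 0 && d.stats[1].failed == 1) ? 0 : -1;
}

int main(void)
{
    printf("dynamic: %d, static: %d\n", reload_dyn(), reload_static());
    return 0;
}
```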

Vulnerable products and versions

CPE                                              From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.18 (including)  6.1.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*