CVE-2023-52745
Severity CVSS v4.0: Pending analysis
Type: CWE-476 (NULL Pointer Dereference)
Publication date: 21/05/2024
Last modified: 06/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

IB/IPoIB: Fix legacy IPoIB due to wrong number of queues

The cited commit creates child PKEY interfaces over netlink with
multiple tx and rx queues, but some devices don't support more than 1
tx and 1 rx queue. This causes a crash when traffic is sent over the
PKEY interface due to the parent having a single queue but the child
having multiple queues.

This patch fixes the number of queues to 1 for legacy IPoIB at the
earliest possible point in time.

BUG: kernel NULL pointer dereference, address: 000000000000036b
PGD 0 P4D 0
Oops: 0000 [#1] SMP
CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:kmem_cache_alloc+0xcb/0x450
Code: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a
01 49 8b 3c 24 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b
RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202
RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae
RDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00
RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40
R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000
R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000
FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:

skb_clone+0x55/0xd0
ip6_finish_output2+0x3fe/0x690
ip6_finish_output+0xfa/0x310
ip6_send_skb+0x1e/0x60
udp_v6_send_skb+0x1e5/0x420
udpv6_sendmsg+0xb3c/0xe60
? ip_mc_finish_output+0x180/0x180
? __switch_to_asm+0x3a/0x60
? __switch_to_asm+0x34/0x60
sock_sendmsg+0x33/0x40
__sys_sendto+0x103/0x160
? _copy_to_user+0x21/0x30
? kvm_clock_get_cycles+0xd/0x10
? ktime_get_ts64+0x49/0xe0
__x64_sys_sendto+0x25/0x30
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f9374f1ed14
Code: 42 41 f8 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b
7c 24 08 0f 05 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 68 41 f8 ff 48 8b
RSP: 002b:00007f9324ff7bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9324ff7cc8 RCX: 00007f9374f1ed14
RDX: 00000000000002fb RSI: 00007f93000052f0 RDI: 0000000000000030
RBP: 0000000000000000 R08: 00007f9324ff7d40 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 000000012a05f200 R14: 0000000000000001 R15: 00007f9374d57bdc
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.337 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.303 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.270 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.229 (including) | 5.4.232 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.163 (including) | 5.10.168 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.94 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0.16 (including) | 6.1 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.2 (including) | 6.1.12 (excluding) |
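An added example, not part of this CVE record: a small check that decides whether a given kernel release string falls inside one of the affected ranges in the table above, using the table's own semantics ("From" inclusive, "Up to" exclusive). The range list is transcribed from the table; the sample release strings are constructed.

```python
# Added example, not part of the CVE record: check whether a kernel release
# falls inside one of the affected ranges in the table above
# ("From" is inclusive, "Up to" is exclusive).

# Ranges transcribed from the table in this record.
AFFECTED_RANGES_CVE_2023_52745 = [
    ("4.9.337", "4.10"),
    ("4.14.303", "4.15"),
    ("4.19.270", "4.20"),
    ("5.4.229", "5.4.232"),
    ("5.10.163", "5.10.168"),
    ("5.11", "5.15.94"),
    ("6.0.16", "6.1"),
    ("6.1.2", "6.1.12"),
]

def parse_kernel_version(release):
    """Reduce '5.10.165-1-generic' or the '6.1.0_for_upstream_...' string in
    the oops above to a tuple of ints, stopping at the first non-numeric
    suffix (distro tags, '-rc1', '+')."""
    numeric = []
    for part in release.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        numeric.append(int(digits))
        if len(digits) != len(part):
            break
    if not numeric:
        raise ValueError("not a kernel version: %r" % release)
    return tuple(numeric)

def affected_range(release, ranges=AFFECTED_RANGES_CVE_2023_52745):
    """Return the (from, up_to) pair containing the release, or None.
    Python compares tuples of unequal length by prefix, so (4, 10, 0) is not
    below (4, 10): 4.10.0 correctly falls outside '4.9.337 up to 4.10'."""
    v = parse_kernel_version(release)
    for lo, hi in ranges:
        if parse_kernel_version(lo) <= v < parse_kernel_version(hi):
            return (lo, hi)
    return None

if __name__ == "__main__":
    for rel in ("5.10.165-1-generic", "5.10.168", "6.1.2-arch1-1"):  # constructed samples
        print(rel, "->", affected_range(rel))
```

The answer is only as good as the published CPE ranges: the oops above was taken on a 6.1.0 kernel, which the listed ranges do not cover, so treat a "not affected" result as a hint to check the referenced stable commits rather than as proof.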
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6
- https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f
- https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc
- https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf
- https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43