CVE-2024-38555

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 19/06/2024
Last modified: 27/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Discard command completions in internal error

Fix use after free when FW completion arrives while device is in
internal error state. Avoid calling completion handler in this case,
since the device will flush the command interface and trigger all
completions manually.

Kernel log:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
...
RIP: 0010:refcount_warn_saturate+0xd8/0xe0
...
Call Trace:
? __warn+0x79/0x120
? refcount_warn_saturate+0xd8/0xe0
? report_bug+0x17c/0x190
? handle_bug+0x3c/0x60
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
? refcount_warn_saturate+0xd8/0xe0
cmd_ent_put+0x13b/0x160 [mlx5_core]
mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]
cmd_comp_notifier+0x1f/0x30 [mlx5_core]
notifier_call_chain+0x35/0xb0
atomic_notifier_call_chain+0x16/0x20
mlx5_eq_async_int+0xf6/0x290 [mlx5_core]
notifier_call_chain+0x35/0xb0
atomic_notifier_call_chain+0x16/0x20
irq_int_handler+0x19/0x30 [mlx5_core]
__handle_irq_event_percpu+0x4b/0x160
handle_irq_event+0x2e/0x80
handle_edge_irq+0x98/0x230
__common_interrupt+0x3b/0xa0
common_interrupt+0x7b/0xa0

asm_common_interrupt+0x22/0x40

Vulnerable products and versions

CPE                                            From                  Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.10.20 (including)   5.10.219 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.12 (including)      5.15.161 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)      6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)       6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)       6.8.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.9 (including)       6.9.3 (excluding)
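A host triage check built from the version ranges in the table above and the kernel log in the description. This is an added example, not part of the advisory or the kernel patch; the function names, the sample log timestamps and the sample /proc/modules line are constructed. The range test compares upstream version numbers only, and distribution kernels often backport fixes without changing that number, so treat a match as a prompt to check the vendor's changelog.

```python
import re

# Affected upstream ranges from the table above: from (inclusive), up to (exclusive).
AFFECTED = [
    ((5, 10, 20), (5, 10, 219)), ((5, 12, 0), (5, 15, 161)),
    ((5, 16, 0), (6, 1, 93)), ((6, 2, 0), (6, 6, 33)),
    ((6, 7, 0), (6, 8, 12)), ((6, 9, 0), (6, 9, 3)),
]

def parse_release(release):
    """Turn a `uname -r` string such as '6.1.90-1-amd64' into (6, 1, 90)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    v = parse_release(release)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def has_splat(dmesg_text):
    """True if a refcount underflow warning carries the mlx5_core command frames."""
    for block in dmesg_text.split("------------[ cut here ]------------")[1:]:
        if ("refcount_t: underflow; use-after-free." in block
                and re.search(r"cmd_ent_put\+\S+ \[mlx5_core\]", block)
                and re.search(r"mlx5_cmd_comp_handler\+\S+ \[mlx5_core\]", block)):
            return True
    return False

# Constructed sample, trimmed from the kernel log quoted in the description.
SAMPLE_DMESG = """\
[  101.1] ------------[ cut here ]------------
[  101.1] refcount_t: underflow; use-after-free.
[  101.1] RIP: 0010:refcount_warn_saturate+0xd8/0xe0
[  101.1]  cmd_ent_put+0x13b/0x160 [mlx5_core]
[  101.1]  mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]
"""

def triage(release, dmesg_text, modules_text):
    """Combine version exposure, driver presence and the log signature."""
    return {
        "in_affected_range": in_affected_range(release),
        "mlx5_core_loaded": bool(re.search(r"^mlx5_core\s", modules_text, re.M)),
        "splat_seen": has_splat(dmesg_text),
    }

if __name__ == "__main__":
    print(triage("6.1.90-1-amd64", SAMPLE_DMESG, "mlx5_core 2105344 1 mlx5_ib, Live\n"))
```

On a live host, pass the output of `uname -r`, the kernel log and the contents of `/proc/modules` to `triage`.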