Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2023-53999

Severity: Pending analysis
Type: Not available / Other type
Publication date: 24/12/2025
Last modified: 29/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: TC, Fix internal port memory leak

The flow rule can be split, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel, in the case that, for example, CT 'new' state offload is allowed. As int_port object is assigned to the flow attribute of post_act rule, and its refcnt is incremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int_port_put() is not called, the refcnt is never decremented, then int_port is never freed.

The kmemleak reports the following error:

    unreferenced object 0xffff888128204b80 (size 64):
      comm "handler20", pid 50121, jiffies 4296973009 (age 642.932s)
      hex dump (first 32 bytes):
        01 00 00 00 19 00 00 00 03 f0 00 00 04 00 00 00 ................
        98 77 67 41 81 88 ff ff 98 77 67 41 81 88 ff ff .wgA.....wgA....
      backtrace:
        [] kmalloc_trace+0x27/0x120
        [] mlx5e_tc_int_port_get+0x3f3/0xe20 [mlx5_core]
        [] mlx5e_tc_add_fdb_flow+0x473/0xcf0 [mlx5_core]
        [] __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core]
        [] mlx5e_configure_flower+0xd40/0x4c40 [mlx5_core]
        [] mlx5e_rep_indr_offload.isra.0+0x10e/0x1c0 [mlx5_core]
        [] mlx5e_rep_indr_setup_tc_cb+0x90/0x130 [mlx5_core]
        [] tc_setup_cb_add+0x1cf/0x410
        [] fl_hw_replace_filter+0x38f/0x670 [cls_flower]
        [] fl_change+0x1fd5/0x4430 [cls_flower]
        [] tc_new_tfilter+0x867/0x2010
        [] rtnetlink_rcv_msg+0x6fc/0x9f0
        [] netlink_rcv_skb+0x12c/0x360
        [] netlink_unicast+0x438/0x710
        [] netlink_sendmsg+0x794/0xc50
        [] sock_sendmsg+0xc5/0x190

So fix this by moving int_port cleanup code to the flow attribute free helper, which is used by all the attribute free cases.
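The reference-count imbalance described above, as an added user-space model that is not code from the kernel or from this advisory. All names (port_get, port_put, attr_free, run_split_flow, put_in_helper) are hypothetical, and the model assumes that before the fix only the main flow's teardown path released its reference.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model of the leak; every name here is hypothetical, not mlx5_core code. */
struct int_port { int refcnt; };
struct flow_attr { struct int_port *int_port; };
static int live_ports;                /* int_port objects allocated and not yet freed */
static struct int_port *port_get(struct int_port *p)
{
    if (!p && !(p = calloc(1, sizeof(*p))))  /* first user allocates the object */
        return NULL;
    if (p->refcnt++ == 0)
        live_ports++;
    return p;
}

static void port_put(struct int_port *p)
{
    if (p && --p->refcnt == 0) {      /* last reference frees the object */
        free(p);
        live_ports--;
    }
}

/* Common helper that every attribute, main or post_act, passes through on free. */
static void attr_free(struct flow_attr *a, int put_in_helper)
{
    if (put_in_helper)
        port_put(a->int_port);
    a->int_port = NULL;
}

/* One split rule: main and post_act attributes each hold a reference.
 * Returns how many int_port objects are still allocated after teardown. */
static int run_split_flow(int put_in_helper)
{
    struct flow_attr main_attr = {0}, post_attr = {0};
    live_ports = 0;
    main_attr.int_port = port_get(NULL);
    if (!main_attr.int_port) return -1;   /* allocation failed */
    post_attr.int_port = port_get(main_attr.int_port);
    if (!put_in_helper)               /* assumed old behaviour: only the main path puts */
        port_put(main_attr.int_port);
    attr_free(&main_attr, put_in_helper);
    attr_free(&post_attr, put_in_helper);
    return live_ports;
}

int main(void)
{
    printf("leaked: main-path put=%d, helper put=%d\n", run_split_flow(0), run_split_flow(1));
    return 0;
}
```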

Impact