CVE-2023-54037

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: prevent NULL pointer deref during reload<br /> <br /> Calling ethtool during reload can lead to call trace, because VSI isn&amp;#39;t<br /> configured for some time, but netdev is alive.<br /> <br /> To fix it add rtnl lock for VSI deconfig and config. Set ::num_q_vectors<br /> to 0 after freeing and add a check for ::tx/rx_rings in ring related<br /> ethtool ops.<br /> <br /> Add proper unroll of filters in ice_start_eth().<br /> <br /> Reproduction:<br /> $watch -n 0.1 -d &amp;#39;ethtool -g enp24s0f0np0&amp;#39;<br /> $devlink dev reload pci/0000:18:00.0 action driver_reinit<br /> <br /> Call trace before fix:<br /> [66303.926205] BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> [66303.926259] #PF: supervisor read access in kernel mode<br /> [66303.926286] #PF: error_code(0x0000) - not-present page<br /> [66303.926311] PGD 0 P4D 0<br /> [66303.926332] Oops: 0000 [#1] PREEMPT SMP PTI<br /> [66303.926358] CPU: 4 PID: 933821 Comm: ethtool Kdump: loaded Tainted: G OE 6.4.0-rc5+ #1<br /> [66303.926400] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.00.01.0014.070920180847 07/09/2018<br /> [66303.926446] RIP: 0010:ice_get_ringparam+0x22/0x50 [ice]<br /> [66303.926649] Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 87 c0 09 00 00 c7 46 04 e0 1f 00 00 c7 46 10 e0 1f 00 00 48 8b 50 20 8b 12 0f b7 52 3a 89 56 14 48 8b 40 28 48 8b 00 0f b7 40 58 48<br /> [66303.926722] RSP: 0018:ffffad40472f39c8 EFLAGS: 00010246<br /> [66303.926749] RAX: ffff98a8ada05828 RBX: ffff98a8c46dd060 RCX: ffffad40472f3b48<br /> [66303.926781] RDX: 0000000000000000 RSI: ffff98a8c46dd068 RDI: ffff98a8b23c4000<br /> [66303.926811] RBP: ffffad40472f3b48 R08: 00000000000337b0 R09: 0000000000000000<br /> [66303.926843] R10: 0000000000000001 R11: 0000000000000100 R12: ffff98a8b23c4000<br /> [66303.926874] R13: ffff98a8c46dd060 R14: 000000000000000f R15: ffffad40472f3a50<br /> [66303.926906] FS: 00007f6397966740(0000) GS:ffff98b390900000(0000) knlGS:0000000000000000<br /> [66303.926941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [66303.926967] CR2: 0000000000000000 CR3: 000000011ac20002 CR4: 00000000007706e0<br /> [66303.926999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [66303.927029] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> [66303.927060] PKRU: 55555554<br /> [66303.927075] Call Trace:<br /> [66303.927094] <br /> [66303.927111] ? __die+0x23/0x70<br /> [66303.927140] ? page_fault_oops+0x171/0x4e0<br /> [66303.927176] ? exc_page_fault+0x7f/0x180<br /> [66303.927209] ? asm_exc_page_fault+0x26/0x30<br /> [66303.927244] ? ice_get_ringparam+0x22/0x50 [ice]<br /> [66303.927433] rings_prepare_data+0x62/0x80<br /> [66303.927469] ethnl_default_doit+0xe2/0x350<br /> [66303.927501] genl_family_rcv_msg_doit.isra.0+0xe3/0x140<br /> [66303.927538] genl_rcv_msg+0x1b1/0x2c0<br /> [66303.927561] ? __pfx_ethnl_default_doit+0x10/0x10<br /> [66303.927590] ? __pfx_genl_rcv_msg+0x10/0x10<br /> [66303.927615] netlink_rcv_skb+0x58/0x110<br /> [66303.927644] genl_rcv+0x28/0x40<br /> [66303.927665] netlink_unicast+0x19e/0x290<br /> [66303.927691] netlink_sendmsg+0x254/0x4d0<br /> [66303.927717] sock_sendmsg+0x93/0xa0<br /> [66303.927743] __sys_sendto+0x126/0x170<br /> [66303.927780] __x64_sys_sendto+0x24/0x30<br /> [66303.928593] do_syscall_64+0x5d/0x90<br /> [66303.929370] ? __count_memcg_events+0x60/0xa0<br /> [66303.930146] ? count_memcg_events.constprop.0+0x1a/0x30<br /> [66303.930920] ? handle_mm_fault+0x9e/0x350<br /> [66303.931688] ? do_user_addr_fault+0x258/0x740<br /> [66303.932452] ? exc_page_fault+0x7f/0x180<br /> [66303.933193] entry_SYSCALL_64_after_hwframe+0x72/0xdc