Antoine Tenart

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc6+ Description: A vulnerability has been resolved in the Linux kernel, related to a race condition between device unregistration and ethnl operations. This issue can occur when a device is being unregistered while its number of channels are being modified, resulting in a warning message and a potential crash. The problem arises because `unregister netdevice many notify` might run before the rtnl lock section of ethnl operations, such as `set channels`. To fix this, any operation on devices being unregistered is denied. A check was already in place in `ethnl ops begin`, but it was not wide enough. Recommendations: For Linux kernel versions prior to 6.13.0-rc6+, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling ethnl operations on devices that are being unregistered to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-rc6+ Description: The issue is related to the ethtool component of the Linux kernel, where there is a short period between a net device starting to be unregistered and when it is actually gone, during which ethtool operations could still be performed, potentially leading to unwanted or undefined behaviors. This could result in NULL pointer exceptions and use-after-free errors. For example, adding Tx queues after unregistering a net device could lead to such errors. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the patch for this vulnerability. As a temporary workaround, consider disabling ethtool operations on net devices that are being unregistered to minimize the risk of exploitation. Restrict access to the netlink part of the ethtool component, as the ioctl part is not affected by this issue.