Cosmin Ratiu

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, specifically in the net/mlx5e module. The issue occurs when profile rollback fails in mlx5e netdev change profile, causing the netdev profile variable to be left set to NULL. This can lead to a crash when unloading the driver. The problem was encountered during testing, where the creation of a rescuer thread was interrupted, resulting in a failure to initialize the profile and a subsequent crash. Technical details include the failure of mlx5e priv init and the inability to rollback to the original profile, leading to a NULL pointer dereference. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the incorrect initialization of resources in the `add rule fg()` function, which can lead to a crash when the flow group is deleted. This happens because `create flow handle` tries to find and reference existing identical rules, while `add rule fg` only adds new rules with a refcount of 1 to the tree. As a result, a rule with a refcount of 2 may not be linked into the tree, causing a crash when `del sw hw rule` is invoked. This issue has been observed in the wild due to another bug related to incorrect handling of duplicate `pkt reformat` ids. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.