Ido Schimmel

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the team driver where a `NETDEV CHANGEMTU` event is triggered during the unregistration of a slave. This can lead to a situation where the system waits for a network device to become free due to an incorrect usage count, potentially causing a system hang or crash. The problem is triggered during the execution of functions such as `team port del()`, `team del slave()`, and `team device event()`, which eventually call `dev set mtu()` and trigger the MTU change notification while the device is being unregistered. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the cleanup of FDB, MDB, and VLAN entries on unbind. The issue arises from the assumption that higher layers have balanced additions and deletions, which may not always be the case. This can lead to warnings and potential leaks when the driver unbinds with entries still present. The vulnerability is related to the DSA (Distributed Switch Architecture) and its interaction with bridge bypass operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A data-race issue exists in the Linux kernel related to the sysctl fib multipath hash fields variable. The variable can be changed concurrently while being read, which requires the use of READ ONCE() to ensure data consistency. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the error path when calling `mlxsw sp acl tcam region destroy()` after failing to attach a region to an ACL group. The problem occurs when trying to access `region->group->tcam`, which is NULL. The fix involves retrieving the `tcam` pointer using `mlxsw sp acl to tcam()`. This issue can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A critical issue affects the function `devlink param set`/`devlink param get` of the file `net/core/devlink.c` in the IPsec component, leading to use after free. This could allow an attacker to execute arbitrary code. **Recommendations** To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider disabling the `devlink param set`/`devlink param get` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.14.0-custom-10271-ga86eb53057fe **Description** A division by zero error occurs when the data path sees a resilient nexthop group with zero buckets. The resilient nexthop group torture tests in fib nexthop.sh exposed this issue. The tests replace a resilient nexthop group in a loop while traffic is forwarded through it, resulting in the kernel allocating a stub resilient table with zero buckets. This table should never be visible to the data path, but the old nexthop group might still be used by the data path when the stub table is assigned to it. The fix involves only assigning the stub table to the old nexthop group after making sure the group is no longer used by the data path. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the division by zero error when replacing a resilient group. At the moment, there is no information about a newer version that contains a fix for this vulnerability.