Jacob Keller

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is caused by not reallocating some arrays when increasing the MSI-X value on a VF, leading to invalid memory operations. The default MSI-X is 16, and values of 17 and above trigger this issue. The problem can be reproduced by running specific commands, including modprobe ice, and setting certain values in the sys/bus/pci/devices directory. KASAN reports a slab-out-of-bounds error in the ice vsi alloc ring stats function. Recommendations: To fix the issue, use ice vsi rebuild() instead of ice vf reconfig vsi(). This causes the required arrays to be reallocated, taking the new queue count into account. Set req txq and req rxq before ice vsi rebuild(), so that realloc uses the newly set queue count. Additionally, ice vsi rebuild() does not remove VSI filters, so ice vf init host cfg() is no longer necessary. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from a race condition between the `ice ptp extts event()` function and `ice ptp release()`, leading to a NULL pointer dereference and resulting in a kernel panic. This occurs because `ice ptp extts event()` calls `ptp clock event()` with a NULL pointer after the ice driver has released the PTP clock. The problem can be resolved by modifying the `ice ptp extts event()` function to check the PTP state and exit early if PTP is not ready. **Recommendations** To fix this issue, modify the `ice ptp extts event()` function to check the PTP state and bail early if PTP is not ready. As a temporary workaround, consider disabling the `ice ptp extts event()` function until a patch is available. Restrict access to the PTP clock to minimize the risk of exploitation. Avoid using the `ptp clock event()` function with a NULL pointer in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.