Jiri Pirko

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a race condition in the Linux kernel's bnx2x driver, which can cause a system crash during EEH error handling. The bnx2x driver's transmit timeout logic can lead to a race condition when handling reset tasks, resulting in the access of freed memory locations. This can occur when the EEH driver attempts to reset the device using bnx2x io slot reset(), which tries to free SGEs, overlapping with the bnx2x nic unload() function's attempt to free SGEs using bnx2x free rx sge range(). The race condition can cause system crashes due to accessing freed memory locations in bnx2x free rx sge(). To solve this issue, it is necessary to verify page pool allocations before freeing. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc2jiri+ Description: The vulnerability is related to a use-after-free issue in the `mlx5 dpll remove` function, which can cause a denial-of-service. The issue occurs when a delayed work timer is triggered, allowing an attacker to exploit the vulnerability. The estimated number of potentially affected devices is not specified. Recommendations: To resolve the issue, update the Linux kernel to version 6.8.0-rc2jiri or later. As a temporary workaround, consider disabling the `mlx5 dpll remove` function until a patch is available. Restrict access to the vulnerable module `mlx5 dpll` to minimize the risk of exploitation. Avoid using the `mlx5 dpll probe` function in the affected API endpoint until the issue is resolved.