Maor Dickman

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a NULL pointer dereference in the net/mlx5e component of the Linux kernel. This occurs due to a missing check in the bond netevent handler, which only verifies if the handled netdev is a VF representor but fails to confirm if the VF representor is on the same physical device as the bond handling the netevent. The exploitation of this issue can lead to a denial of service. Technical details include a kernel NULL pointer dereference at address 000000000000036c, with a call trace involving functions such as mlx5e eswitch uplink rep, mlx5e rep is lag netdev, and mlx5e rep esw bond netevent. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.