Shannon Nelson

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.10.0-rc3-netnext+ **Description** The issue arises when the `ionic tx clean()` function calls `napi consume skb()`, which in turn calls `napi skb cache put()`. The problem occurs because `napi consume skb()` is called without proper context, specifically when not in a NAPI softirq context. To signal that it's not in a safe context, `napi consume skb()` should be called with a budget of 0. The vulnerability was discovered during configuration stress testing of traffic and a change queue config loop. The `DEBUG NET WARN ON ONCE(!in softirq())` note and the comment `/* Zero budget indicate non-NAPI context called us, like netpoll */` indicate that the current implementation is incorrect. **Recommendations** To resolve the issue, pass a context hint down through the calls to let `ionic tx clean()` know what is being done, so it can call `napi consume skb()` correctly. As a temporary workaround, consider disabling the `ionic tx clean()` function until a patch is available. Restrict access to the `napi consume skb()` function to minimize the risk of exploitation. Avoid using the `budget` parameter in the affected `napi consume skb()` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.