Souradeep Chakrabarti

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.52 **Description** The issue is related to the `net: mana` module in the Linux kernel, where the `napi disable()` function gets called during rxq and txq cleanup before `napi` is enabled and `hrtimer` is initialized, causing a kernel panic. The panic occurs due to the incorrect handling of the `napi disable()` call, which leads to a crash when trying to cancel the `hrtimer`. Technical details about the issue include the involvement of functions such as `page fault oops()`, `page counter cancel()`, `do user addr fault()`, and `hrtimer try to cancel()`. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the `mana create txq/rxq` functionality until a patch is available. Restrict access to the vulnerable `net: mana` module to minimize the risk of exploitation. Avoid using the `napi disable()` function in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition between `netvsc probe` and `netvsc remove` has been resolved in the Linux kernel. The issue occurred when `napi disable` was called for all channels, including subchannels, without confirming if they were enabled or not. This caused `hv netvsc` to get hung at `napi disable` when `netvsc probe()` finished running but `nvdev->subchan work` had not started yet. The fix ensures that `napi disable()` is not called for non-enabled NAPI structs. `netif napi del()` is still necessary for these non-enabled NAPI structs for cleanup purposes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.