Sylwester Dziedziuch

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The vulnerability is related to the i40e component in the Linux kernel, which causes a NULL pointer dereference when XDP is configured on a system with a large number of CPUs and an X722 NIC. This results in a call trace and a kernel crash. The issue is caused by PF queue pile fragmentation due to the flow director VSI queue being placed right after the main VSI, preventing the main VSI from resizing its queue allocation for XDP. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a NULL pointer dereference in the `i40e dbg dump desc` function when trying to dump VFs VSI RX/TX descriptors using debugfs. This can cause a crash due to the NULL pointer dereference. A check has been added to `i40e dbg dump desc` to ensure the VSI type is correct for dumping RX/TX descriptors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.