Yury Vostrikov

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.3 Description: A crash in the sfc driver has been reported, originating from netpoll send udp(). The netconsole sends a message, and then netpoll invokes the driver's NAPI function with a budget of zero, which is dedicated to allow the driver to free TX resources. However, in the netpoll case, the driver invokes `xdp do flush()` unconditionally, leading to a crash because `bpf net context` was never assigned. This issue can be exploited to cause a denial of service via sfc `xdp do flush`. Recommendations: For Linux kernel versions prior to 6.11.3, upgrade the kernel immediately to mitigate the risk of system unavailability. As a temporary workaround, consider restricting the use of the `xdp do flush()` function in the sfc driver until a patch is available.