CVE-2021-47246

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.0+

Description The vulnerability is related to the net/mlx5e driver in the Linux kernel. When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device is removed/unbound before the hairpin flow is deleted, then the send queue is not destroyed, leading to a stack trace on PCI device remove. This results in a leak of a command resource and failed page reclamation.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the net/mlx5e driver. Specifically, versions prior to 5.12.0+ are affected, so updating to 5.12.0 or later should resolve the issue.

As a temporary workaround, consider disabling the mlx5 reclaim startup pages() function until a patch is available. However, this is not a recommended long-term solution and may have unintended consequences.

It is also recommended to restrict access to the vulnerable module mlx5 core to minimize the risk of exploitation.

Note: The provided information does not include specific details about the number of potentially affected devices or real-world incidents where this issue was exploited.