CVE-2024-44970

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue arises in the net/mlx5e component of the Linux kernel, specifically with the SHAMPO feature. When all strides in a Work Queue Element (WQE) are consumed, the WQE is unlinked from the Work Queue (WQ) linked list using the mlx5 wq ll pop() function. However, for SHAMPO, it's possible to receive Completion Queue Entries (CQEs) with 0 consumed strides for the same WQE even after it's fully consumed and unlinked. This triggers an additional unlink for the same WQE, corrupting the linked list. The fix involves accepting 0-sized consumed strides without unlinking the WQE again.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider restricting access to the vulnerable net/mlx5e component until a patch is available.