PT-2024-32185 · Linux+7 · Linux Kernel+7
Published: 2024-08-21 · Updated: 2026-05-26 · CVE-2024-46770
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52
Description
The issue arises when ethtool callbacks are executed while a reset is in progress and attempt to access deleted resources. This can result in a NULL pointer dereference. The reproduction steps involve triggering a reset and then trying to get coalesce settings using ethtool. The ice_get_q_coalesce() function is specifically mentioned as being involved in the NULL pointer dereference. Technical details include the execution of ethtool callbacks during reset and the access of deleted resources, such as getting coalesce settings.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling ethtool operations during reset by calling netif_device_detach() before reset and netif_device_attach() after reset is done and ice_rebuild() is executing. Restrict access to the vulnerable ice_get_q_coalesce() function until a patch is available. Avoid using ethtool commands during reset to minimize the risk of exploitation.
Exploit
Fix
DoS
NULL Pointer Dereference
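The reset ordering from the description and recommendations above, modelled in userspace C as an added example; it is not kernel or ice driver code. All model_* names and the -EFAULT stand-in for the NULL dereference are assumptions, as is the premise that a request for a detached device is refused with -ENODEV.

```c
/* Added userspace model: every name is hypothetical, none of this is kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
struct model_netdev {
    bool present;     /* models the state netif_device_detach()/attach() toggle */
    int *itr_usecs;   /* coalesce state: freed by reset, recreated by rebuild */
};

/* Reset teardown; detach_first selects the ordering from the recommendation. */
static void model_reset_begin(struct model_netdev *d, bool detach_first)
{
    if (detach_first) d->present = false;   /* detach before resources are deleted */
    free(d->itr_usecs);
    d->itr_usecs = NULL;
}

/* Recreate resources, then mark the device present again (models attach). */
static int model_rebuild(struct model_netdev *d)
{
    d->itr_usecs = malloc(sizeof(*d->itr_usecs));
    if (!d->itr_usecs) return -ENOMEM;
    *d->itr_usecs = 50;              /* constructed sample value */
    d->present = true;
    return 0;
}

/* Get-coalesce request: presence gate first, then the modelled driver callback. */
static int model_get_coalesce(const struct model_netdev *d, int *usecs)
{
    if (!d->present)
        return -ENODEV;              /* refused while detached */
    if (!d->itr_usecs)
        return -EFAULT;              /* the real callback would dereference NULL here */
    *usecs = *d->itr_usecs;
    return 0;
}

int main(void)
{
    struct model_netdev d = { .present = true, .itr_usecs = NULL };
    int usecs = 0;
    model_reset_begin(&d, false);
    printf("reset without detach: %d\n", model_get_coalesce(&d, &usecs));
    model_reset_begin(&d, true);
    printf("reset after detach:   %d\n", model_get_coalesce(&d, &usecs));
    return 0;
}
```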
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu