CVE-2024-50042

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is caused by not reallocating some arrays when increasing the MSI-X value on a VF, leading to invalid memory operations. The default MSI-X is 16, and values of 17 and above trigger this issue. The problem can be reproduced by running specific commands, including modprobe ice, and setting certain values in the sys/bus/pci/devices directory. KASAN reports a slab-out-of-bounds error in the ice vsi alloc ring stats function.

Recommendations: To fix the issue, use ice vsi rebuild() instead of ice vf reconfig vsi(). This causes the required arrays to be reallocated, taking the new queue count into account. Set req txq and req rxq before ice vsi rebuild(), so that realloc uses the newly set queue count. Additionally, ice vsi rebuild() does not remove VSI filters, so ice vf init host cfg() is no longer necessary. At the moment, there is no information about a newer version that contains a fix for this vulnerability.