CVE-2024-50136

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: The issue is related to the net/mlx5 component in the Linux kernel, where a notifier remains registered even after eswitch initialization failure. This can trigger warnings when attempting to enable eswitch. The notifier chain register function is involved, and the eswitch vport event callback is already registered, causing the warning. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: Update to Linux kernel version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the mlx5 eswitch enable locked function until a patch is available. Restrict access to the mlx5 core module to minimize the risk of exploitation. Avoid using the sriov numvfs store function in the affected kernel until the issue is resolved.