PT-2024-33979 · Linux+6 · Linux Kernel+6
Shay Drory · Published 2024-11-07 · Updated 2025-10-03
CVE-2024-50147
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
A null pointer dereference has been identified in the Linux kernel's net/mlx5 component. The cause is incorrect initialization of the command bitmask, specifically the bit for the MANAGE_PAGES command. When mlx5_cmd_trigger_completions() attempts to trigger completion for the MANAGE_PAGES command before that command has been invoked, the result is a null-ptr-deref error, as seen at mlx5_cmd_trigger_completions+0x1db/0x600.
Recommendations:
To resolve this issue, update to Linux kernel version 6.6.61 or later. As a temporary workaround, consider disabling the mlx5_cmd_trigger_completions() function until a patch is available. Restrict access to the net/mlx5 component to minimize the risk of exploitation. Avoid using the MANAGE_PAGES command in the affected API endpoint until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu