CVE-2024-50274

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.8

Description: A vulnerability in the Linux kernel has been resolved, specifically in the idpf get link ksettings function. When the device control plane is removed or the platform running the device control plane is rebooted, a reset is detected on the driver. If the reset fails, it takes the error path and releases the vport lock. At this time, if monitoring tools try to access link settings, it can lead to a call trace for accessing a released vport pointer. The issue is resolved by moving link speed mbps to the netdev priv structure, removing the dependency on the vport pointer and the vport lock in idpf get link ksettings. The netif carrier ok() function is used to check the link status, and the offsetof is adjusted to use link up instead of link speed mbps.

Recommendations: To resolve the issue, upgrade the Linux kernel to version 6.11.8 or later. As a temporary workaround, consider restricting access to the idpf get link ksettings function until a patch is available. Additionally, monitoring tools should be configured to avoid accessing link settings during a driver reset.