CVE-2024-26859

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a race condition in the Linux kernel's bnx2x driver, which can cause a system crash during EEH error handling. The bnx2x driver's transmit timeout logic can lead to a race condition when handling reset tasks, resulting in the access of freed memory locations. This can occur when the EEH driver attempts to reset the device using bnx2x io slot reset(), which tries to free SGEs, overlapping with the bnx2x nic unload() function's attempt to free SGEs using bnx2x free rx sge range(). The race condition can cause system crashes due to accessing freed memory locations in bnx2x free rx sge(). To solve this issue, it is necessary to verify page pool allocations before freeing.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.