CVE-2024-53121

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description A vulnerability in the Linux kernel has been resolved, specifically in the net/mlx5 component. The issue arises from a two-step process for deleting FTEs (Flow Table Entries), which can lead to a race condition if a rule with the same match value is added simultaneously. This can cause the hardware deletion function to be set to NULL prematurely, resulting in a panic during subsequent rule deletions. To prevent this, the active flag of the FTE should be checked under a lock, preventing the fs core layer from attaching a new steering rule to an FTE that is in the process of deletion.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.65 or later. As a temporary workaround, consider disabling the mlx5 del flow rules function until a patch is available. Restrict access to the vulnerable net/mlx5 module to minimize the risk of exploitation. Avoid using the mlx5e tc rule unoffload function in the affected API endpoint until the issue is resolved.