CVE-2023-53114

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A kernel crash can occur during reboot when an adapter is in recovery mode. This issue arises because the i40e init recovery mode() function is called when the driver detects firmware in recovery mode during probe, skipping the rest of the probe function, including pci set drvdata(). As a result, subsequent calls to i40e shutdown() during shutdown or reboot dereference a NULL pointer, leading to a kernel crash. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

To fix the issue, pci set drvdata() should also be called when entering recovery mode. Technical details about exploitation include the i40e shutdown() function and the pci get drvdata() function, which returns NULL, causing the crash.

Recommendations To resolve the issue, call pci set drvdata() during entering recovery mode. As a temporary workaround, consider disabling the i40e shutdown() function until a patch is available. However, since the exact affected versions are not specified, it is crucial to apply the fix to all potentially vulnerable versions of the Linux kernel. At the moment, there is no information about a newer version that contains a fix for this vulnerability.