PT-2025-53233 · Linux · Linux Kernel

Published 2025-12-24 · Updated 2026-03-24 · CVE-2023-54156

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw within the sfc module where a NULL pointer dereference can occur during an ethtool selftest when reading network interface card (NIC) statistics. Specifically, the efx_net_stats() function, also known as .ndo_get_stats64, may be called while the NIC is being reset, leading to a situation where nic_data->mc_stats is NULL. Attempting to fetch statistics from the hardware in this state results in a kernel crash. The issue is related to a potential time-of-check to time-of-use (TOCTTOU) bug during the freeing of resources in efx_ef10_fini_nic(), which could race against efx_ef10_update_stats_pf(). The fix involves taking the efx->stats_lock in fini_nic to prevent this race condition. The function efx_nic_update_stats is involved in the crash.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-54156
RHSA-2024:2394
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel