Linux Kernel ixgbe Driver Denial-of-Service Vulnerability via SR-IOV Configuration

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's ixgbe driver. The issue arises when virtual functions (VFs) are disabled while the physical function (PF) driver is handling requests from the VF driver. This improper synchronization can lead to a kernel panic, causing a system crash. The vulnerability is related to the management of SR-IOV (Single Root I/O Virtualization) resources.

Impact

Exploiting this vulnerability can cause a kernel panic, leading to a system crash.

Reproduction

The vulnerability can be reproduced by repeatedly disabling and enabling virtual functions through the 'sriov_numvfs' interface of the affected network device. This can be automated with a script that sends commands to disable VFs while the PF driver is still processing requests from the VFs, causing a race condition that leads to a kernel panic.

Remediation

Users should add locking mechanisms when disabling SR-IOV to prevent interference with ongoing communications between the PF and VF drivers.
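
The locking described above, as an added example that is not the ixgbe driver's code or its patch: a userspace C model in which the VF request handler and the 'sriov_numvfs' path take the same lock, so per-VF state is never freed while a request is still using it. All names (vfs_lock, pf_handle_vf_msg, pf_set_numvfs, stress_toggle) are hypothetical, and a pthread mutex stands in for the kernel lock.

```c
/* Userspace model of the PF/VF race; hypothetical names, not ixgbe code. */
#include <pthread.h>
#include <stdlib.h>
struct vf_info { unsigned long msgs; };
struct adapter {
    pthread_mutex_t vfs_lock;  /* guards num_vfs and vfinfo together */
    int num_vfs;
    struct vf_info *vfinfo;    /* freed when SR-IOV is disabled */
};

/* PF side: service one VF request. Returns 0 if handled, -1 if rejected. */
int pf_handle_vf_msg(struct adapter *a, int vf) {
    int ret = -1;
    pthread_mutex_lock(&a->vfs_lock);
    if (vf >= 0 && vf < a->num_vfs) {  /* re-check under the lock */
        a->vfinfo[vf].msgs++;
        ret = 0;
    }
    pthread_mutex_unlock(&a->vfs_lock);
    return ret;
}

/* sriov_numvfs write path: n > 0 enables n VFs, otherwise disables. */
int pf_set_numvfs(struct adapter *a, int n) {
    struct vf_info *old, *fresh = n > 0 ? calloc(n, sizeof(*fresh)) : NULL;
    if (n > 0 && !fresh) return -1;
    pthread_mutex_lock(&a->vfs_lock);
    old = a->vfinfo;
    a->vfinfo = fresh;
    a->num_vfs = n > 0 ? n : 0;
    pthread_mutex_unlock(&a->vfs_lock);
    free(old);  /* safe: handlers only touch vfinfo while holding the lock */
    return 0;
}

static void *vf_traffic(void *arg) {  /* VF requests arriving concurrently */
    for (int i = 0; i < 200000; i++) pf_handle_vf_msg(arg, i % 4);
    return NULL;
}

/* Toggle VFs while requests are in flight; 0 means state stayed consistent. */
int stress_toggle(int rounds) {
    struct adapter a = { PTHREAD_MUTEX_INITIALIZER, 0, NULL };
    pthread_t t;
    if (pthread_create(&t, NULL, vf_traffic, &a)) return -1;
    while (rounds-- > 0 && !pf_set_numvfs(&a, 4) && !pf_set_numvfs(&a, 0)) ;
    pthread_join(t, NULL);
    return (a.num_vfs == 0 && !a.vfinfo) ? 0 : -1;
}
```

Building with a thread or address sanitizer and removing the lock calls shows the handler reading vfinfo after the disable path has freed it, which is the failure the lock prevents.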

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.