Linux Kernel mlx5 Driver Steering Rules Cleanup Vulnerability Leading to Kernel Crash

Vulnerability

A vulnerability in the Linux kernel's mlx5 driver can cause a kernel crash because steering rules are mishandled during teardown after an Enhanced Error Handling (EEH) event. When EEH occurs, the virtual port's promiscuous settings in firmware are reset, prompting the mlx5 driver to delete certain multicast and unicast rules. These rules are not properly removed, so the driver later accesses invalid, dangling pointers and crashes. Because the rules are left in place, they conflict with the driver's state when it is reinitialized.

Impact

The vulnerability can lead to a kernel crash, causing a denial of service by interrupting normal system operations and potentially requiring a manual restart to restore functionality.

Reproduction

The vulnerability can be reproduced by triggering an Enhanced Error Handling (EEH) event on a system running the affected Linux kernel version with the mlx5 driver. After the EEH event, the mlx5 driver will attempt to delete certain multicast and unicast steering rules that are no longer valid, but this process will inadvertently access invalid pointers, causing a kernel crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.