Linux Kernel Net/Mlx5 E-Switch Unpairing Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in the Linux kernel's handling of Mellanox mlx5 network devices. The issue arises when switching a device from switchdev mode to legacy mode, as the unpairing of the E-switch and unloading of the uplink vport are not properly synchronized. This can lead to a kernel oops error by causing a page fault when the unpairing process attempts to access a cleared memory pointer. The vulnerability is particularly problematic when Virtual Function Link Aggregation Group (VF_LAG) is in use, as it can cause duplication of traffic control flows between peer E-switches, complicating the flow management and increasing the risk of errors during device removal or reloading.

Impact

The vulnerability causes a kernel oops, which is an error indicating that the kernel has encountered a problem it cannot handle, potentially leading to a system crash or instability.

Reproduction

To reproduce this vulnerability, switch a Mellanox mlx5 device from switchdev mode to legacy mode. During this process, the E-switch unpairing and uplink vport unloading will become unsynchronized, leading to a kernel oops error. This issue can also be reproduced by removing or reloading a device while a peer traffic control flow is still offloaded, causing a similar unpairing error.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.