Linux Kernel net/mlx5e Invalid Buffer Access Vulnerability in XSK Handling for Legacy Receive Queue

Vulnerability

A vulnerability in the Linux kernel's handling of buffers for legacy receive queues (RQ) in the net/mlx5e Ethernet driver can lead to a general protection fault. This issue arises when using the xdpsock tool in receive mode for legacy RQ. The problem occurs because the buffer is released twice: first in the XDP_REDIRECT path and then again in the driver, causing a crash. The vulnerability affects Linux kernel versions through 6.5.0-rc1.
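The double release described above, as an added user-space model; it is not code from the kernel or from this advisory. All names are hypothetical, and the ownership flag in the hardened path is an assumed way to suppress the second release, not a description of the upstream patch.

```c
/* User-space model of the double release; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
enum verdict { V_PASS, V_REDIRECT };
struct pool { int refs[4]; int double_releases; };
struct wqe  { int buf; bool skip_release; };

/* Drop one reference; a release with no reference left is the bug. */
static void pool_release(struct pool *p, int buf)
{
    if (p->refs[buf] == 0)
        p->double_releases++;   /* in a kernel this would corrupt memory */
    else
        p->refs[buf]--;
}

/* Receive handler: on redirect the consumer takes the buffer and frees it. */
static void rx_handle(struct pool *p, struct wqe *w, enum verdict v, bool hardened)
{
    if (v != V_REDIRECT)
        return;
    pool_release(p, w->buf);        /* first release, in the redirect path */
    if (hardened)
        w->skip_release = true;     /* record that ownership has moved */
}

/* Driver recycles the queue entry after the handler returns. */
static void rq_recycle(struct pool *p, struct wqe *w)
{
    if (!w->skip_release)
        pool_release(p, w->buf);    /* second release when the flag is unset */
    w->skip_release = false;
}

/* Process one packet; returns how many invalid releases occurred. */
int run_rx(enum verdict v, bool hardened)
{
    struct pool p = { .refs = {1, 1, 1, 1}, .double_releases = 0 };
    struct wqe w = { .buf = 2, .skip_release = false };
    rx_handle(&p, &w, v, hardened);
    rq_recycle(&p, &w);
    return p.double_releases;
}

int main(void)
{
    printf("unpatched=%d hardened=%d\n", run_rx(V_REDIRECT, false), run_rx(V_REDIRECT, true));
    return 0;
}
```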

Impact

Exploitation of this vulnerability leads to a general protection fault, likely caused by a non-canonical address, disrupting normal kernel operations and potentially causing a denial of service.

Reproduction

To reproduce this vulnerability, use the xdpsock tool in receive mode with a legacy receive queue on a system running a vulnerable version of the Linux kernel. The issue will manifest as a general protection fault, indicating an invalid memory access.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Dec 30, 2025, 3:31 PM
Updated: Dec 30, 2025, 3:31 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.