Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's mlx5e network driver can lead to an out-of-bounds (OOB) access and system panic. This issue arises because the function responsible for allocating memory does not properly check the validity of the node argument, particularly in builds without debug VM support. As a result, performing certain netlink operations can trigger the OOB access by referencing a CPU node that exceeds the maximum allowed value. The vulnerability has been addressed by adding a missing conversion from CPU ID to node ID, ensuring that memory allocations are correctly validated before use.
Exploitation of this vulnerability causes a page fault due to a supervisor read access error, leading to a kernel panic.
The vulnerability can be reproduced by executing an ethtool or netlink operation that invokes the 'mlx5e_open' function on a CPU with an ID larger than the maximum number of nodes. This will trigger the out-of-bounds access and cause a page fault, resulting in a kernel panic.
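The CPU-ID versus node-ID confusion described above, modelled in user space as an added example (not kernel or driver code; every name and the 8-CPU, 2-node topology are constructed assumptions). Unlike the non-debug kernel path, the model's allocator checks the node argument, so the out-of-range case is reported rather than read.

```c
#include <stdio.h>

/* Constructed topology (assumption): 8 CPUs spread over 2 NUMA nodes. */
#define MODEL_NR_CPUS   8
#define MODEL_MAX_NODES 2

/* Per-node state, indexed by node ID only. */
static unsigned long node_allocs[MODEL_MAX_NODES];

/* Hypothetical stand-in for the kernel's CPU-to-node mapping. */
static int model_cpu_to_node(int cpu)
{
    return cpu / (MODEL_NR_CPUS / MODEL_MAX_NODES);
}

/*
 * Node-aware allocator model. It validates the node so the model never
 * reads out of bounds; returns the node used, or -1 for an invalid node.
 */
static int model_alloc_on_node(int node)
{
    if (node < 0 || node >= MODEL_MAX_NODES)
        return -1;
    node_allocs[node]++;
    return node;
}

/* Pre-fix pattern: a CPU ID is passed where a node ID is expected. */
static int open_channel_unfixed(int cpu)
{
    return model_alloc_on_node(cpu);
}

/* Post-fix pattern: convert the CPU ID to its node ID first. */
static int open_channel_fixed(int cpu)
{
    return model_alloc_on_node(model_cpu_to_node(cpu));
}

int main(void)
{
    for (int cpu = 0; cpu < MODEL_NR_CPUS; cpu++)
        printf("cpu %d: unfixed -> %d, fixed -> %d\n",
               cpu, open_channel_unfixed(cpu), open_channel_fixed(cpu));
    return 0;
}
```

In this model CPUs 0 and 1 pass the check on the unfixed path only because their IDs happen to be valid node numbers, and CPU 1 is placed on node 1 instead of node 0; the failure only becomes visible once the CPU ID reaches the node limit.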