Linux Kernel NULL Pointer Dereference Vulnerability in net/mlx5e DIM Handling

Vulnerability

A race condition has been identified in the Linux kernel's net/mlx5e driver (the NVIDIA/Mellanox ConnectX Ethernet driver) in kernels that predate the fix. The race is between the path that disables Dynamic Interrupt Moderation (DIM, the kernel's net_dim adaptive interrupt-coalescing facility; it is not "Data Integrity Management") on a queue and the New API (NAPI) poll callbacks that consult that queue's DIM state. NAPI first tests the DIM state bit; if the bit is set it assumes the queue's dim pointer (rq->dim or sq->dim) is valid and goes on to use it. If DIM is disabled between that check and the use, the disable path tears down the DIM object and sets the pointer to NULL, so the still-running poll dereferences NULL. The result is a kernel oops in the NAPI (softirq) path, which the kernel escalates to a panic.
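To make the window concrete, here is an added single-threaded model of the interleaving described above. It is not mlx5e code: struct rq, struct dim, poll_begin()/poll_end() and the dim_disable_*() helpers are hypothetical stand-ins chosen so that one thread can replay "NAPI checks the bit, disable runs, NAPI uses the pointer" deterministically, and the in-flight counter stands in for the NAPI/RCU grace period that a real synchronize call waits for.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical model of the race, not driver code. */
struct dim {
	unsigned long packets;	/* counter a real net_dim() sample would feed */
};

struct rq {
	bool dim_enabled;	/* the state bit NAPI tests */
	struct dim *dim;	/* object NAPI dereferences once it sees the bit set */
	int napi_in_flight;	/* polls between poll_begin() and poll_end();
				 * stands in for the NAPI/RCU grace period */
};

enum poll_result { POLL_OK = 0, POLL_SKIPPED = 1, POLL_NULL_DEREF = -1 };

/* Enable DIM: allocate the object first, then publish the state bit. */
static int dim_enable(struct rq *rq)
{
	rq->dim = calloc(1, sizeof(*rq->dim));
	if (!rq->dim)
		return -1;
	rq->dim_enabled = true;
	return 0;
}

/* First half of a NAPI poll: sample the state bit. The decision is acted on
 * later, which is the time-of-check/time-of-use window disable can hit. */
static bool poll_begin(struct rq *rq)
{
	rq->napi_in_flight++;
	return rq->dim_enabled;
}

/* Second half: act on what poll_begin() saw. In the kernel, following a NULL
 * rq->dim here is the oops; the model reports POLL_NULL_DEREF instead. */
static enum poll_result poll_end(struct rq *rq, bool saw_enabled)
{
	enum poll_result ret = POLL_SKIPPED;

	if (saw_enabled) {
		if (!rq->dim) {
			ret = POLL_NULL_DEREF;
		} else {
			rq->dim->packets += 64;	/* stands in for net_dim() */
			ret = POLL_OK;
		}
	}
	rq->napi_in_flight--;
	return ret;
}

/* Racy disable: clears the bit and drops the pointer in one go, without
 * waiting for a poll that has already passed its check. */
static void dim_disable_racy(struct rq *rq)
{
	struct dim *dim = rq->dim;

	rq->dim_enabled = false;
	rq->dim = NULL;
	free(dim);
}

/* Safe disable, split in two so the replay can interleave it with a poll:
 * step 1 clears the bit so no new poll starts using dim; step 2 frees only
 * once every poll that may have seen the bit set has finished. */
static void dim_disable_clear(struct rq *rq)
{
	rq->dim_enabled = false;
}

static int dim_disable_free(struct rq *rq)
{
	if (rq->napi_in_flight > 0)
		return -1;	/* grace period not over: must not free yet */
	free(rq->dim);
	rq->dim = NULL;
	return 0;
}

/* Replay: poll checks the bit, racy disable runs, poll then uses the pointer. */
enum poll_result replay_racy(void)
{
	struct rq rq = { 0 };
	bool saw;

	if (dim_enable(&rq))
		return POLL_SKIPPED;
	saw = poll_begin(&rq);
	dim_disable_racy(&rq);
	return poll_end(&rq, saw);	/* POLL_NULL_DEREF */
}

struct fixed_outcome {
	int early_free;			/* result of freeing while a poll is in flight */
	enum poll_result inflight_poll;	/* the poll that saw the bit set */
	enum poll_result later_poll;	/* a poll issued after disable completed */
};

/* Same interleaving against the fixed ordering. */
struct fixed_outcome replay_fixed(void)
{
	struct fixed_outcome o = { 0, POLL_SKIPPED, POLL_SKIPPED };
	struct rq rq = { 0 };
	bool saw;

	if (dim_enable(&rq))
		return o;
	saw = poll_begin(&rq);
	dim_disable_clear(&rq);
	o.early_free = dim_disable_free(&rq);	/* -1: poll still in flight */
	o.inflight_poll = poll_end(&rq, saw);	/* POLL_OK: object still alive */
	dim_disable_free(&rq);			/* grace period over, now freed */
	saw = poll_begin(&rq);
	o.later_poll = poll_end(&rq, saw);	/* POLL_SKIPPED: bit already clear */
	return o;
}

int main(void)
{
	struct fixed_outcome o = replay_fixed();

	printf("racy poll: %d\n", replay_racy());
	printf("fixed: early_free=%d inflight=%d later=%d\n",
	       o.early_free, o.inflight_poll, o.later_poll);
	return 0;
}
```

The point of the split disable is ordering: clearing the state bit stops new polls from entering the DIM path, but a poll that already read the bit must be allowed to finish before the object it will dereference goes away. Clearing the pointer and freeing in the same step as the bit, as dim_disable_racy() does, is exactly the ordering the advisory describes.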

Impact

Hitting this race produces a kernel NULL pointer dereference in the NAPI poll path, which runs in softirq context; the oops therefore escalates to a kernel panic ("Fatal exception in interrupt") and takes the whole host down. The effect is denial of service; no memory corruption or privilege escalation is described. The disable side of the race requires permission to change the device's interrupt-coalescing settings (CAP_NET_ADMIN), while the NAPI side only needs traffic on the affected queue.

Reproduction

The window is reached by enabling DIM on an mlx5e receive or transmit queue and then disabling it while that queue is under load, so that a NAPI poll that has already seen the state bit set is still running when the pointer is cleared. In practice DIM is toggled from user space through ethtool's coalescing settings (adaptive-rx and adaptive-tx), so repeatedly flipping those on an interface that is carrying traffic exercises the race. Because it is a timing window the trigger is probabilistic; a successful hit shows up as a "BUG: kernel NULL pointer dereference" oops in the kernel log, followed by the panic.

Remediation

Update to a kernel that contains the fix: it is carried in the Linux kernel stable tree, so moving to the current release of the stable branch in use resolves the issue. Until that update is deployed, avoid toggling adaptive interrupt coalescing on mlx5e interfaces while they carry traffic, since the disable path is what opens the window.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.2
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.