Linux Kernel Emulex Benet Driver Denial-of-Service Vulnerability via SR-IOV Virtual Function Creation

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's Emulex Benet network driver. Creating Single Root I/O Virtualization (SR-IOV) Virtual Functions (VFs) on an affected interface crashes the kernel. The cause is that the 'be_cmd_set_mac_list' function in the Benet driver calls 'dma_free_coherent' while holding a spin lock, that is, from atomic context, which triggers a kernel bug in the memory-management code. The vulnerability affects Linux kernel versions through 6.16.0.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a crash of the affected system.

Reproduction

To reproduce this vulnerability, create SR-IOV Virtual Functions on a network interface using the Emulex Benet driver. This can be done by configuring the interface to use SR-IOV and specifying the number of VFs to create. Once the VFs are created, the system will experience a kernel crash due to the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.
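
To find hosts where the VF-creation path is reachable before patching, the following added example (not part of the original advisory or of the kernel's own code) lists interfaces bound to the driver and their SR-IOV state. It assumes the in-tree module name be2net and the standard sysfs attributes sriov_totalvfs and sriov_numvfs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory of be2net interfaces and their SR-IOV state.
# Assumptions: driver module name "be2net"; standard PCI sysfs attributes.
# The sysfs root is a parameter so the check can run against a constructed tree.

# Print "<iface> <sriov_totalvfs> <sriov_numvfs>" for each be2net interface.
benet_sriov_ifaces() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges) have no backing device/driver link.
        [ -e "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "be2net" ] || continue
        total=0
        num=0
        # The attributes are absent on functions without SR-IOV capability.
        [ -r "$dev/device/sriov_totalvfs" ] && total=$(cat "$dev/device/sriov_totalvfs")
        [ -r "$dev/device/sriov_numvfs" ] && num=$(cat "$dev/device/sriov_numvfs")
        echo "$(basename "$dev") $total $num"
    done
}

# Human-readable summary; always returns 0 so it is safe in inventory jobs.
benet_report() {
    found=$(benet_sriov_ifaces "$1")
    if [ -z "$found" ]; then
        echo "no be2net interfaces found"
        return 0
    fi
    echo "$found" | while read -r ifc total num; do
        if [ "$total" -gt 0 ]; then
            echo "$ifc: be2net, SR-IOV capable ($num/$total VFs enabled);" \
                 "confirm kernel $(uname -r) carries the fix"
        else
            echo "$ifc: be2net, no SR-IOV capability reported"
        fi
    done
    return 0
}

benet_report "${SYSFS_ROOT:-/sys}"
```

Interfaces reported as SR-IOV capable are the ones to prioritize for the kernel update, since VF creation on them is the operation that reaches the faulty code path.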

Added: Aug 19, 2025, 6:38 PM
Updated: Aug 19, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.