Linux Kernel mlx5 Driver NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's mlx5 driver can lead to a NULL pointer dereference, causing a kernel panic. The issue is in the net/mlx5e component: unbinding the device from the mlx5_core.eth driver leaves the uplink netdevice pointer NULL, and a later access to that pointer dereferences it. The vulnerability affects stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic due to an unhandled NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by unbinding a netdevice from the mlx5_core.eth driver, which clears the uplink netdevice pointer. Subsequent operations that attempt to access this pointer without checking its validity first will result in a NULL pointer dereference. This can be triggered during the management of Ethernet ports when changing the eswitch mode, as indicated by the call trace in the vulnerability description.

Remediation

The vulnerability has been addressed by modifying the mlx5e driver to ensure that the uplink netdevice pointer is valid before use. The updated code checks for NULL pointers and, if the pointer is valid, immediately takes a reference to the netdevice to prevent it from being freed while in use. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
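
The check-then-hold pattern described above, as an added userspace C model (not the mlx5 driver's code and not from the original advisory). The struct and function names, the `mtu` field, and the mutex that serializes the check against unbind are assumptions made for the illustration.

```c
/* Userspace model of "check for NULL, then take a reference".
 * Not kernel code: every name below is hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

struct netdev { int refcnt; int mtu; };   /* freed when refcnt reaches 0 */

struct core_dev {
    pthread_mutex_t lock;    /* serializes unbind against readers */
    struct netdev *uplink;   /* NULL once the eth driver is unbound */
};

/* Check the pointer and take the reference in one critical section, so
 * unbind cannot clear or release the device between the two steps. */
struct netdev *uplink_get(struct core_dev *d)
{
    pthread_mutex_lock(&d->lock);
    struct netdev *nd = d->uplink;
    if (nd)
        nd->refcnt++;
    pthread_mutex_unlock(&d->lock);
    return nd;
}

void uplink_put(struct core_dev *d, struct netdev *nd)
{
    pthread_mutex_lock(&d->lock);
    nd->refcnt--;
    pthread_mutex_unlock(&d->lock);
}

/* Unbind: clear the published pointer and drop the binding's reference. */
void eth_unbind(struct core_dev *d)
{
    pthread_mutex_lock(&d->lock);
    if (d->uplink) { d->uplink->refcnt--; d->uplink = NULL; }
    pthread_mutex_unlock(&d->lock);
}

/* Stand-in for a mode-change path that needs the uplink netdev. */
int mode_change(struct core_dev *d)
{
    struct netdev *nd = uplink_get(d);
    if (!nd)
        return -ENODEV;      /* unbound: fail cleanly, no dereference */
    int mtu = nd->mtu;       /* safe: a reference is held */
    uplink_put(d, nd);
    return mtu;
}
```

A caller that already holds a reference when unbind runs keeps a valid device until it calls `uplink_put`, while any caller arriving after unbind gets `-ENODEV` instead of a NULL dereference.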

Added: Oct 4, 2025, 8:24 AM
Updated: Oct 4, 2025, 8:24 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.