Linux Kernel net/mlx5 IRQ Handling Vulnerability Leading to General Protection Fault

A vulnerability in the Linux kernel's handling of IRQ vectors in the mlx5 networking component can cause a general protection fault, leading to a kernel panic. This issue arises when the mlx5_irq_alloc() function frees the entire IRQ mapping resource (rmap) after a request_irq() call fails due to exhausted IRQ vectors. The failure is typically encountered when both fwctl and rds configurations are enabled. The improper cleanup can cause crashes when other threads attempt to access the freed resource.

Impact

The vulnerability can cause a kernel panic due to a general protection fault, likely related to a non-canonical memory address. This disruption can lead to a denial of service, causing the system to become unresponsive or to crash.

Reproduction

The vulnerability can be reproduced by enabling both the fwctl and rds configurations, which can exhaust the available IRQ vectors. When the mlx5 component attempts to allocate new IRQ vectors, the request will fail, triggering the vulnerability. The failure can be observed in the system logs, where the IRQ allocation errors are reported. This error can be further verified by checking for a subsequent kernel panic, which indicates that the vulnerability has been successfully triggered.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel documentation.