Linux Kernel net/mlx5e Profile Change Rollback Failure Crash Vulnerability

A crash vulnerability has been identified in the Linux kernel's mlx5e networking component. This issue arises when changing network profiles, particularly in switchdev mode. If the process of attaching a new profile fails, the system may attempt to roll back to the previous profile. However, this rollback can also fail, leaving the network device in a dangling state with a reset private data structure. Subsequent attempts to change the profile can lead to a kernel NULL pointer dereference, causing a crash. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can be exploited by causing a NULL pointer dereference in the kernel, leading to a crash. This disruption can be particularly impactful in environments that rely on stable network operations, as it can cause unexpected downtime or service interruptions.

Reproduction

The vulnerability can be reproduced by changing the network profile of a device using the mlx5e driver, particularly through switchdev mode. If the first attempt to change the profile fails, a subsequent attempt will likely cause a crash due to a NULL pointer dereference. This can be observed in the system logs, where the error 'BUG: kernel NULL pointer dereference' is reported, indicating that the system tried to access a memory address that was not valid, leading to a crash.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.