Linux Kernel mlx5e Netdev Management Vulnerability Leading to NULL Pointer Dereference

A vulnerability in the Linux kernel's Mellanox mlx5 Ethernet driver can cause a NULL pointer dereference, leading to a kernel oops error. This issue arises because the private structure 'mlx5e_priv' can become unstable and be reset to zero if the profile attachment process fails. The vulnerability occurs in the 'mlx5e_remove' function when the switchdev mode fails due to a profile change error. The 'mlx5e_destroy_netdev' function is called with an invalid private structure, causing the kernel to crash.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, leading to a crash of the affected system.

Reproduction

The vulnerability can be reproduced by changing the eswitch mode to switchdev on a specific PCI device. This process will fail if the mlx5e profile initialization encounters an error, which is common. After the failed initialization, reloading the devlink device will trigger the NULL pointer dereference oops error.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.