Linux Kernel RSS Context Deletion Logic Vulnerability in bnxt_en Driver

A vulnerability exists in the Linux kernel's bnxt_en Ethernet driver, specifically in the handling of Receive Side Scaling (RSS) context deletion. The issue arises because the driver fails to properly manage Virtual Network Interface Cards (VNICs) in the firmware when RSS contexts are deleted. This mismanagement can lead to a leakage of VNICs in the firmware, especially when the network interface is down. As a result, during the restoration of RSS contexts, the driver may attempt to create additional VNICs without proper reservations, causing firmware requests to fail and disrupting active RSS contexts. The vulnerability is rooted in an improper check that should allow for the deletion of RSS contexts even when the network interface is not active.

Impact

The vulnerability can cause a denial of service by disrupting the management of RSS contexts, leading to potential failures in network performance or functionality.

Reproduction

To reproduce this vulnerability, delete an RSS context while the network interface is down. This will trigger the issue of VNIC leakage in the firmware. Then, when the interface is brought back up and an attempt is made to restore the RSS context, the driver will try to create VNICs without having reserved them, causing the firmware to reject the request and disrupt the RSS context restoration process.

Remediation

The vulnerability has been addressed in upstream Linux kernel commits. Users should upgrade to a version that includes these commits to mitigate the issue.