In the Linux kernel, a vulnerability related to the handling of net/mlx5e peer flow lists has recently been resolved. This article explores the details of the vulnerability, the specific changes made to address the problem, and how it impacts users.

What is the vulnerability?

The vulnerability revolves around mlx5e_tc_del_fdb_peer_flow(), which was refactored to only clear the DUP (duplicate) flag when the list of peer flows becomes empty. If any concurrent user holds a reference to a peer flow (e.g., due to the neighbor update workqueue task updating the peer flow's parent encap entry concurrently), the flow will not be removed from the peer list, and consequently, the DUP flag will remain set.

This creates an issue because mlx5e_tc_del_fdb_peers_flow() calls mlx5e_tc_del_fdb_peer_flow() for every possible peer index. As a result, the algorithm attempts to remove the flow from eswitch instances that it has never peered with, which can cause a NULL pointer dereference when trying to remove the flow peer list head of a peer_index that was never initialized. Alternatively, a warning could be triggered if the list debug configuration is enabled:

[ 3102.985806] ------------[ cut here ]------------
[ 3102.986223] list_del corruption, ffff888139110698->next is NULL
[ 3102.986757] WARNING: CPU: 2 PID: 22109 at lib/list_debug.c:53 __list_del_entry_valid_or_report+x4f/xc

----- Truncated output -----

How was the vulnerability addressed?

The vulnerability was fixed by updating the algorithm to always remove the peer flow from the peer list, even when not releasing the last reference to it. This ensures that the flow is correctly removed and the DUP flag is properly handled, eliminating the risk of triggering a NULL pointer dereference or a warning due to list debug configuration.

What does this mean for users?

Users running Linux systems with the affected kernel code will benefit from the resolution of this vulnerability, decreasing the likelihood of experiencing crashes or unexpected behavior due to improper peer flow list handling. It is always recommended to stay up-to-date with the latest kernel versions, which usually include important security fixes and optimizations.

For more details and the original references discussing the vulnerability and its resolution, visit the following links:

- Linux Kernel Mailing List (LKML) - Patch submission detailing the fix
- Kernel.org - Git commit implementing the resolution

In conclusion, CVE-2023-52487 highlights the importance of continuously monitoring, analyzing, and addressing vulnerabilities in software systems, especially those as widely used and critical as the Linux kernel. By staying informed on security updates and applying them as necessary, you can help protect your systems and data from potential threats and ensure the stability, performance, and efficiency of your Linux environment.

Timeline

Published on: 03/11/2024 18:15:16 UTC
Last modified on: 12/12/2024 17:31:37 UTC