Recently, a vulnerability was found in the Linux kernel that caused a crash when attempting to set the bridge mode attribute when numvfs=0. The bug affected the net/mlx5 kernel module, which is responsible for managing Ethernet cards.

The problem manifested when users tried to set the bridge mode using a command like:

bridge link set dev eth2 hwmode vepa

This command would cause a crash with the following error message:

BUG: kernel NULL pointer dereference, address: 000000000000003
[...]
RIP: 001:mlx5_add_flow_rules+x1f/x300 [mlx5_core]
[...]
Call Trace:
 <TASK>
 _mlx5_eswitch_set_vepa_locked+x113/x230 [mlx5_core]
 mlx5_eswitch_set_vepa+x7f/xa [mlx5_core]
 rtnl_bridge_setlink+xe9/x1f
 rtnetlink_rcv_msg+x159/x400
 netlink_rcv_skb+x54/x100
 netlink_unicast+x241/x360
 netlink_sendmsg+x1f6/x430
 ____sys_sendmsg+x3bb/x3f
 ___sys_sendmsg+x88/xd
 __sys_sendmsg+x59/xa
 do_syscall_64+x79/x150
 entry_SYSCALL_64_after_hwframe+x76/x7e
RIP: 0033:x7f8f795f917

The crash occurred because the esw->fdb_table.legacy.vepa_fdb pointer was null at the time, due to the absence of virtual functions (VFs). The bridge mode setting is only applicable when there are multiple functions per port. As a result, the Linux kernel developers fixed the issue by preventing the setting and retrieving of bridge mode when there are no VFs.

After this fix, the PF interface no longer appears in the bridge link output when there are no VFs. Since there are no settings to change on the PF interface with the bridge link command when there are no VFs, this prevents the crash and makes the system more stable.
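The behaviour change described above can be used as a read-only check. The script below is an added example, not code from the kernel project: it lists interfaces bound to mlx5_core whose sriov_numvfs is 0 and reports whether each one still appears in `bridge link show` output. The function names are hypothetical, and the sysfs layout and the output line format are assumptions noted in the comments.

```shell
#!/bin/sh
# Added example: function names are hypothetical.
# Reads only sysfs and `bridge link show`; changes no settings.

# Print each interface under NET_DIR that is bound to mlx5_core and is an
# SR-IOV capable PF with zero VFs enabled (sriov_numvfs = 0).
mlx5_pfs_without_vfs() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "mlx5_core" ] || continue
        # Only SR-IOV capable PFs expose sriov_numvfs; VFs do not.
        [ -r "$dev/device/sriov_numvfs" ] || continue
        [ "$(cat "$dev/device/sriov_numvfs")" = "0" ] || continue
        basename "$dev"
    done
}

# For each such PF, report whether it appears in the given `bridge link show`
# output. Assumed line format: "<ifindex>: <name>: <flags> ..."
classify_pfs() {
    for pf in $(mlx5_pfs_without_vfs "$1"); do
        if printf '%s\n' "$2" | awk -v d="$pf" '
            { n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); if (n == d) found = 1 }
            END { exit !found }'; then
            echo "$pf listed"       # PF shown with no VFs: behaviour before the fix
        else
            echo "$pf not-listed"   # consistent with the fixed behaviour
        fi
    done
}

classify_pfs /sys/class/net "$(bridge link show 2>/dev/null || true)"
```

A "not-listed" result is only consistent with the fix; confirm the running kernel version against the distribution's advisory before treating a host as patched.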

For more details on this vulnerability and the fix, see the commit that addressed this issue in the official Linux kernel repository.

In conclusion, the Linux kernel developers have fixed a vulnerability in the net/mlx5 module that caused crashes when attempting bridge mode operations when numvfs=0. Users should update their Linux kernel to the latest stable version to benefit from this fix and other security patches.

Timeline

Published on: 09/27/2024 13:15:17 UTC
Last modified on: 10/01/2024 17:10:29 UTC