In the Linux kernel, the following vulnerability has been...
Moderate severity
Unreviewed
Published
Nov 19, 2024
to the GitHub Advisory Database
•
Updated Nov 25, 2024
Description
Published by the National Vulnerability Database
Nov 19, 2024
Published to the GitHub Advisory Database
Nov 19, 2024
Last updated
Nov 25, 2024
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix idpf_vc_core_init error path
In an event where the platform running the device control plane
is rebooted, reset is detected on the driver. It releases
all the resources and waits for the reset to complete. Once the
reset is done, it tries to build the resources back. At this
time if the device control plane is not yet started, then
the driver timeouts on the virtchnl message and retries to
establish the mailbox again.
In the retry flow, mailbox is deinitialized but the mailbox
workqueue is still alive and polling for the mailbox message.
This results in accessing the released control queue leading to
null-ptr-deref. Fix it by unrolling the work queue cancellation
and mailbox deinitialization in the reverse order which they got
initialized.
References