CVE-2023-53850

Summary

In the Linux kernel, the following vulnerability has been resolved:

iavf: use internal state to free traffic IRQs

If the system tries to close the netdev while iavf_reset_task() is running, __LINK_STATE_START will be cleared and netif_running() will return false in iavf_reinit_interrupt_scheme(). This will result in iavf_free_traffic_irqs() not being called and a leak as follows:

[7632.489326] remove_proc_entry: removing non-empty directory 'irq/999', leaking at least 'iavf-enp24s0f0v0-TxRx-0'
[7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0

is shown when pci_disable_msix() is later called. Fix by using the internal adapter state. The traffic IRQs will always exist if state == __IAVF_RUNNING.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5b36e8d04b4439c9ceb814bfdfe1284737f9c632 < 6d9d01689b82ff5cb8f8d2a82717d7997bc0bfffaffected
LinuxLinux5b36e8d04b4439c9ceb814bfdfe1284737f9c632 < 5e9db32eec628481f5da97a5b1aedb84a5240d18affected
LinuxLinux5b36e8d04b4439c9ceb814bfdfe1284737f9c632 < a77ed5c5b768e9649be240a2d864e5cd9c6a2015affected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux6.1.42 <= 6.1.*unaffected
LinuxLinux6.4.7 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References