CVE-2024-50146 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net/mlx5e: Don’t call cleanup on profile rollback failure

When profile rollback fails in mlx5e_netdev_change_profile the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup in such a case.

This was encountered while testing with the original trigger that the wq rescuer thread creation got interrupted (presumably due to Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12) by mlx5e_priv_init. The profile rollback also fails for the same reason (signal still active), so the profile is left as NULL, leading to a crash later in _mlx5e_remove.

[ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS) nvfs(2) necvfs(0) active vports(2)
[ 734.525513] workqueue: Failed to create a rescuer kthread for wq "mlx5e"
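
The failure sequence described above, as a user-space model added here for illustration; it is not the mlx5 driver's code. All names (struct priv, change_profile, remove_dev, the signal_pending field) are hypothetical, and the pending signal is simulated by a flag that makes every init fail with -ENOMEM.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model only: every name below is hypothetical, not a driver symbol. */
struct priv;
struct profile {
    int  (*init)(struct priv *);
    void (*cleanup)(struct priv *);
};
struct priv {
    const struct profile *profile; /* NULL when no profile is attached */
    int signal_pending;            /* simulated: while set, every init fails */
    int cleanups;                  /* number of cleanup calls made */
};

static int model_init(struct priv *p) { return p->signal_pending ? -ENOMEM : 0; }
static void model_cleanup(struct priv *p) { p->cleanups++; }

static const struct profile prof_a = { model_init, model_cleanup };
static const struct profile prof_b = { model_init, model_cleanup };

static int attach(struct priv *p, const struct profile *prof)
{
    int err = prof->init(p);
    if (err)
        return err;                /* p->profile is left as it was (NULL) */
    p->profile = prof;
    return 0;
}

/* Switch to new_prof; on failure try to roll back to the original profile. */
static int change_profile(struct priv *p, const struct profile *new_prof)
{
    const struct profile *orig = p->profile;
    int err;

    p->profile = NULL;             /* original profile is detached first */
    err = attach(p, new_prof);
    if (err && orig)
        attach(p, orig);           /* rollback can fail for the same reason */
    return err;
}

/* Remove path with the NULL guard. Returns 1 if cleanup ran, 0 if skipped. */
static int remove_dev(struct priv *p)
{
    if (!p->profile)
        return 0;                  /* rollback failed earlier: skip cleanup */
    p->profile->cleanup(p);
    p->profile = NULL;
    return 1;
}
```

Without the guard in remove_dev, the call through p->profile after a failed rollback is a NULL pointer dereference, which is the crash the description reports at driver unload.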

Reference

https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db
https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0
