Vulnerability in Linux Kernel Affecting Mellanox MLX5 Networking Driver
CVE-2023-53347
What is CVE-2023-53347?
A vulnerability in the Mellanox MLX5 networking driver within the Linux kernel can lead to critical operational disruptions. This issue arises when transitioning a device from switchdev mode to legacy mode. The driver improperly manages the pairing of the E-switch during uplink un/load API operations. If a peer device's flow remains offloaded and the first device to be removed is the peer, the driver may encounter a kernel error leading to potential system instability. This is due to the original E-switch holding a pointer to a flow that has since been invalidated. The resolution of this vulnerability requires careful handling of unpairing processes within the uplink API.
Affected Version(s)
Linux 04de7dda7394fa9c2b0fc9cec65661d9b4f0d04d
Linux 04de7dda7394fa9c2b0fc9cec65661d9b4f0d04d < 10cbfecc0f99f579fb170feee866c9efaab7ee47
Linux 04de7dda7394fa9c2b0fc9cec65661d9b4f0d04d < 2be5bd42a5bba1a05daedc86cf0e248210009669