Linux Kernel Vulnerability in iavf Driver Affecting Network Functionality
CVE-2023-53850
What is CVE-2023-53850?
A vulnerability in the iavf driver of the Linux kernel can lead to improper resource management when the netdev is closed while the iavf_reset_task() is still in progress. This can result in the failure to free traffic IRQs, leading to resource leaks. Specifically, when __LINK_STATE_START is cleared, the iavf_reinit_interrupt_scheme() function will incorrectly signal that the network interface is not running, causing the system to be unable to correctly invoke the iavf_free_traffic_irqs() function. This oversight is logged as a warning, indicating a problem in removing a non-empty directory associated with IRQs, which can potentially affect system stability and network performance. The issue is mitigated by utilizing the internal adapter state, ensuring that traffic IRQs persist during expected conditions.
Affected Version(s)
Linux 5b36e8d04b4439c9ceb814bfdfe1284737f9c632 < 6d9d01689b82ff5cb8f8d2a82717d7997bc0bfff
Linux 5b36e8d04b4439c9ceb814bfdfe1284737f9c632 < 5e9db32eec628481f5da97a5b1aedb84a5240d18
Linux 5b36e8d04b4439c9ceb814bfdfe1284737f9c632