SB2024091881 - NULL pointer dereference in Linux kernel intel ice driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2024-46765)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3
• https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f
• https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51