A vulnerability was found in Linux Kernel where, a memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1774992]
This was fixed for Fedora with the 5.3.11 stable update.
Mitigation: In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mlx5_core. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Statement: This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path.