Bug 2266371 (CVE-2021-46916) - CVE-2021-46916 kernel: NULL pointer dereference in ethtool loopback test
Summary: CVE-2021-46916 kernel: NULL pointer dereference in ethtool loopback test
Keywords:
Status: NEW
Alias: CVE-2021-46916
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266381
Blocks: 2266369
TreeView+ depends on / blocked
 
Reported: 2024-02-27 17:35 UTC by Rohit Keshri
Modified: 2024-03-26 18:28 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in ethtool loopback test in the Linux Kernel. This issue occurs due to a missing q_vector associated with the test ring when it is setup, as interrupts are not normally added to the test rings.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Rohit Keshri 2024-02-27 17:35:14 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ixgbe: Fix NULL pointer dereference in ethtool loopback test

The ixgbe driver currently generates a NULL pointer dereference when
performing the ethtool loopback test. This is due to the fact that there
isn't a q_vector associated with the test ring when it is setup as
interrupts are not normally added to the test rings.

To address this I have added code that will check for a q_vector before
returning a napi_id value. If a q_vector is not present it will return a
value of 0.

https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d
https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba
Comment 1 Rohit Keshri 2024-02-27 17:54:09 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266381]
Comment 3 Justin M. Forbes 2024-02-27 18:24:47 UTC 
This was fixed for Fedora with the 5.11.16 stable kernel update.
Note You need to log in before you can comment on or make changes to this bug.