A vulnerability was found in Linux Kernel where, a memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1774984]
This was fixed for Fedora with the 5.3.11 stable kernel update.
Mitigation: In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mlx5_core. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Statement: This issue is rated as having Moderate impact because of the privileges needed to trigger the resource cleanup code path.