CVE-2022-50726 (GCVE-0-2022-50726)
Vulnerability from cvelistv5 – Published: 2025-12-24 12:22 – Updated: 2025-12-24 12:22
VLAI?
Title
net/mlx5: Fix possible use-after-free in async command interface
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix possible use-after-free in async command interface
mlx5_cmd_cleanup_async_ctx should return only after all its callback
handlers were completed. Before this patch, the below race between
mlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and
lead to a use-after-free:
1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e.
elevated by 1, a single inflight callback).
2. mlx5_cmd_cleanup_async_ctx decreases num_inflight to 1.
3. mlx5_cmd_exec_cb_handler is called, decreases num_inflight to 0 and
is about to call wake_up().
4. mlx5_cmd_cleanup_async_ctx calls wait_event, which returns
immediately as the condition (num_inflight == 0) holds.
5. mlx5_cmd_cleanup_async_ctx returns.
6. The caller of mlx5_cmd_cleanup_async_ctx frees the mlx5_async_ctx
object.
7. mlx5_cmd_exec_cb_handler goes on and calls wake_up() on the freed
object.
Fix it by syncing using a completion object. Mark it completed when
num_inflight reaches 0.
Trace:
BUG: KASAN: use-after-free in do_raw_spin_lock+0x23d/0x270
Read of size 4 at addr ffff888139cd12f4 by task swapper/5/0
CPU: 5 PID: 0 Comm: swapper/5 Not tainted 6.0.0-rc3_for_upstream_debug_2022_08_30_13_10 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl+0x57/0x7d
print_report.cold+0x2d5/0x684
? do_raw_spin_lock+0x23d/0x270
kasan_report+0xb1/0x1a0
? do_raw_spin_lock+0x23d/0x270
do_raw_spin_lock+0x23d/0x270
? rwlock_bug.part.0+0x90/0x90
? __delete_object+0xb8/0x100
? lock_downgrade+0x6e0/0x6e0
_raw_spin_lock_irqsave+0x43/0x60
? __wake_up_common_lock+0xb9/0x140
__wake_up_common_lock+0xb9/0x140
? __wake_up_common+0x650/0x650
? destroy_tis_callback+0x53/0x70 [mlx5_core]
? kasan_set_track+0x21/0x30
? destroy_tis_callback+0x53/0x70 [mlx5_core]
? kfree+0x1ba/0x520
? do_raw_spin_unlock+0x54/0x220
mlx5_cmd_exec_cb_handler+0x136/0x1a0 [mlx5_core]
? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]
? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]
mlx5_cmd_comp_handler+0x65a/0x12b0 [mlx5_core]
? dump_command+0xcc0/0xcc0 [mlx5_core]
? lockdep_hardirqs_on_prepare+0x400/0x400
? cmd_comp_notifier+0x7e/0xb0 [mlx5_core]
cmd_comp_notifier+0x7e/0xb0 [mlx5_core]
atomic_notifier_call_chain+0xd7/0x1d0
mlx5_eq_async_int+0x3ce/0xa20 [mlx5_core]
atomic_notifier_call_chain+0xd7/0x1d0
? irq_release+0x140/0x140 [mlx5_core]
irq_int_handler+0x19/0x30 [mlx5_core]
__handle_irq_event_percpu+0x1f2/0x620
handle_irq_event+0xb2/0x1d0
handle_edge_irq+0x21e/0xb00
__common_interrupt+0x79/0x1a0
common_interrupt+0x78/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x22/0x40
RIP: 0010:default_idle+0x42/0x60
Code: c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 14 8b 05 eb 47 22 02 85 c0 7e 07 0f 00 2d e0 9f 48 00 fb f4 <c3> 48 c7 c7 80 08 7f 85 e8 d1 d3 3e fe eb de 66 66 2e 0f 1f 84 00
RSP: 0018:ffff888100dbfdf0 EFLAGS: 00000242
RAX: 0000000000000001 RBX: ffffffff84ecbd48 RCX: 1ffffffff0afe110
RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff835cc9bc
RBP: 0000000000000005 R08: 0000000000000001 R09: ffff88881dec4ac3
R10: ffffed1103bd8958 R11: 0000017d0ca571c9 R12: 0000000000000005
R13: ffffffff84f024e0 R14: 0000000000000000 R15: dffffc0000000000
? default_idle_call+0xcc/0x450
default_idle_call+0xec/0x450
do_idle+0x394/0x450
? arch_cpu_idle_exit+0x40/0x40
? do_idle+0x17/0x450
cpu_startup_entry+0x19/0x20
start_secondary+0x221/0x2b0
? set_cpu_sibling_map+0x2070/0x2070
secondary_startup_64_no_verify+0xcd/0xdb
</TASK>
Allocated by task 49502:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x81/0xa0
kvmalloc_node+0x48/0xe0
mlx5e_bulk_async_init+0x35/0x110 [mlx5_core]
mlx5e_tls_priv_tx_list_cleanup+0x84/0x3e0 [mlx5_core]
mlx5e_ktls_cleanup_tx+0x38f/0x760 [mlx5_core]
mlx5e_cleanup_nic_tx+0xa7/0x100 [mlx5_core]
mlx5e_detach_netdev+0x1c
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e355477ed9e4f401e3931043df97325d38552d54 , < 69dd3ad406c49aa69ce4852c15231ac56af8caf9
(git)
Affected: e355477ed9e4f401e3931043df97325d38552d54 , < bbcc06933f35651294ea1e963757502312c2171f (git) Affected: e355477ed9e4f401e3931043df97325d38552d54 , < ab3de780c176bb91995c6166a576b370d9726e17 (git) Affected: e355477ed9e4f401e3931043df97325d38552d54 , < 0aa3ee1e4e5c9ed5dda11249450d609c3072c54e (git) Affected: e355477ed9e4f401e3931043df97325d38552d54 , < bacd22df95147ed673bec4692ab2d4d585935241 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69dd3ad406c49aa69ce4852c15231ac56af8caf9",
"status": "affected",
"version": "e355477ed9e4f401e3931043df97325d38552d54",
"versionType": "git"
},
{
"lessThan": "bbcc06933f35651294ea1e963757502312c2171f",
"status": "affected",
"version": "e355477ed9e4f401e3931043df97325d38552d54",
"versionType": "git"
},
{
"lessThan": "ab3de780c176bb91995c6166a576b370d9726e17",
"status": "affected",
"version": "e355477ed9e4f401e3931043df97325d38552d54",
"versionType": "git"
},
{
"lessThan": "0aa3ee1e4e5c9ed5dda11249450d609c3072c54e",
"status": "affected",
"version": "e355477ed9e4f401e3931043df97325d38552d54",
"versionType": "git"
},
{
"lessThan": "bacd22df95147ed673bec4692ab2d4d585935241",
"status": "affected",
"version": "e355477ed9e4f401e3931043df97325d38552d54",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/cmd.c",
"include/linux/mlx5/driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.223",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.153",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.77",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix possible use-after-free in async command interface\n\nmlx5_cmd_cleanup_async_ctx should return only after all its callback\nhandlers were completed. Before this patch, the below race between\nmlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and\nlead to a use-after-free:\n\n1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e.\n elevated by 1, a single inflight callback).\n2. mlx5_cmd_cleanup_async_ctx decreases num_inflight to 1.\n3. mlx5_cmd_exec_cb_handler is called, decreases num_inflight to 0 and\n is about to call wake_up().\n4. mlx5_cmd_cleanup_async_ctx calls wait_event, which returns\n immediately as the condition (num_inflight == 0) holds.\n5. mlx5_cmd_cleanup_async_ctx returns.\n6. The caller of mlx5_cmd_cleanup_async_ctx frees the mlx5_async_ctx\n object.\n7. mlx5_cmd_exec_cb_handler goes on and calls wake_up() on the freed\n object.\n\nFix it by syncing using a completion object. Mark it completed when\nnum_inflight reaches 0.\n\nTrace:\n\nBUG: KASAN: use-after-free in do_raw_spin_lock+0x23d/0x270\nRead of size 4 at addr ffff888139cd12f4 by task swapper/5/0\n\nCPU: 5 PID: 0 Comm: swapper/5 Not tainted 6.0.0-rc3_for_upstream_debug_2022_08_30_13_10 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x57/0x7d\n print_report.cold+0x2d5/0x684\n ? do_raw_spin_lock+0x23d/0x270\n kasan_report+0xb1/0x1a0\n ? do_raw_spin_lock+0x23d/0x270\n do_raw_spin_lock+0x23d/0x270\n ? rwlock_bug.part.0+0x90/0x90\n ? __delete_object+0xb8/0x100\n ? lock_downgrade+0x6e0/0x6e0\n _raw_spin_lock_irqsave+0x43/0x60\n ? __wake_up_common_lock+0xb9/0x140\n __wake_up_common_lock+0xb9/0x140\n ? __wake_up_common+0x650/0x650\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\n ? kasan_set_track+0x21/0x30\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\n ? kfree+0x1ba/0x520\n ? do_raw_spin_unlock+0x54/0x220\n mlx5_cmd_exec_cb_handler+0x136/0x1a0 [mlx5_core]\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\n mlx5_cmd_comp_handler+0x65a/0x12b0 [mlx5_core]\n ? dump_command+0xcc0/0xcc0 [mlx5_core]\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\n cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\n atomic_notifier_call_chain+0xd7/0x1d0\n mlx5_eq_async_int+0x3ce/0xa20 [mlx5_core]\n atomic_notifier_call_chain+0xd7/0x1d0\n ? irq_release+0x140/0x140 [mlx5_core]\n irq_int_handler+0x19/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x1f2/0x620\n handle_irq_event+0xb2/0x1d0\n handle_edge_irq+0x21e/0xb00\n __common_interrupt+0x79/0x1a0\n common_interrupt+0x78/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x22/0x40\nRIP: 0010:default_idle+0x42/0x60\nCode: c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 14 8b 05 eb 47 22 02 85 c0 7e 07 0f 00 2d e0 9f 48 00 fb f4 \u003cc3\u003e 48 c7 c7 80 08 7f 85 e8 d1 d3 3e fe eb de 66 66 2e 0f 1f 84 00\nRSP: 0018:ffff888100dbfdf0 EFLAGS: 00000242\nRAX: 0000000000000001 RBX: ffffffff84ecbd48 RCX: 1ffffffff0afe110\nRDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff835cc9bc\nRBP: 0000000000000005 R08: 0000000000000001 R09: ffff88881dec4ac3\nR10: ffffed1103bd8958 R11: 0000017d0ca571c9 R12: 0000000000000005\nR13: ffffffff84f024e0 R14: 0000000000000000 R15: dffffc0000000000\n ? default_idle_call+0xcc/0x450\n default_idle_call+0xec/0x450\n do_idle+0x394/0x450\n ? arch_cpu_idle_exit+0x40/0x40\n ? do_idle+0x17/0x450\n cpu_startup_entry+0x19/0x20\n start_secondary+0x221/0x2b0\n ? set_cpu_sibling_map+0x2070/0x2070\n secondary_startup_64_no_verify+0xcd/0xdb\n \u003c/TASK\u003e\n\nAllocated by task 49502:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n kvmalloc_node+0x48/0xe0\n mlx5e_bulk_async_init+0x35/0x110 [mlx5_core]\n mlx5e_tls_priv_tx_list_cleanup+0x84/0x3e0 [mlx5_core]\n mlx5e_ktls_cleanup_tx+0x38f/0x760 [mlx5_core]\n mlx5e_cleanup_nic_tx+0xa7/0x100 [mlx5_core]\n mlx5e_detach_netdev+0x1c\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T12:22:47.625Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69dd3ad406c49aa69ce4852c15231ac56af8caf9"
},
{
"url": "https://git.kernel.org/stable/c/bbcc06933f35651294ea1e963757502312c2171f"
},
{
"url": "https://git.kernel.org/stable/c/ab3de780c176bb91995c6166a576b370d9726e17"
},
{
"url": "https://git.kernel.org/stable/c/0aa3ee1e4e5c9ed5dda11249450d609c3072c54e"
},
{
"url": "https://git.kernel.org/stable/c/bacd22df95147ed673bec4692ab2d4d585935241"
}
],
"title": "net/mlx5: Fix possible use-after-free in async command interface",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50726",
"datePublished": "2025-12-24T12:22:47.625Z",
"dateReserved": "2025-12-24T12:20:40.330Z",
"dateUpdated": "2025-12-24T12:22:47.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-50726\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:15:59.260\",\"lastModified\":\"2025-12-24T13:15:59.260\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: Fix possible use-after-free in async command interface\\n\\nmlx5_cmd_cleanup_async_ctx should return only after all its callback\\nhandlers were completed. Before this patch, the below race between\\nmlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and\\nlead to a use-after-free:\\n\\n1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e.\\n elevated by 1, a single inflight callback).\\n2. mlx5_cmd_cleanup_async_ctx decreases num_inflight to 1.\\n3. mlx5_cmd_exec_cb_handler is called, decreases num_inflight to 0 and\\n is about to call wake_up().\\n4. mlx5_cmd_cleanup_async_ctx calls wait_event, which returns\\n immediately as the condition (num_inflight == 0) holds.\\n5. mlx5_cmd_cleanup_async_ctx returns.\\n6. The caller of mlx5_cmd_cleanup_async_ctx frees the mlx5_async_ctx\\n object.\\n7. mlx5_cmd_exec_cb_handler goes on and calls wake_up() on the freed\\n object.\\n\\nFix it by syncing using a completion object. Mark it completed when\\nnum_inflight reaches 0.\\n\\nTrace:\\n\\nBUG: KASAN: use-after-free in do_raw_spin_lock+0x23d/0x270\\nRead of size 4 at addr ffff888139cd12f4 by task swapper/5/0\\n\\nCPU: 5 PID: 0 Comm: swapper/5 Not tainted 6.0.0-rc3_for_upstream_debug_2022_08_30_13_10 #1\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\nCall Trace:\\n \u003cIRQ\u003e\\n dump_stack_lvl+0x57/0x7d\\n print_report.cold+0x2d5/0x684\\n ? do_raw_spin_lock+0x23d/0x270\\n kasan_report+0xb1/0x1a0\\n ? do_raw_spin_lock+0x23d/0x270\\n do_raw_spin_lock+0x23d/0x270\\n ? rwlock_bug.part.0+0x90/0x90\\n ? __delete_object+0xb8/0x100\\n ? lock_downgrade+0x6e0/0x6e0\\n _raw_spin_lock_irqsave+0x43/0x60\\n ? __wake_up_common_lock+0xb9/0x140\\n __wake_up_common_lock+0xb9/0x140\\n ? __wake_up_common+0x650/0x650\\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\\n ? kasan_set_track+0x21/0x30\\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\\n ? kfree+0x1ba/0x520\\n ? do_raw_spin_unlock+0x54/0x220\\n mlx5_cmd_exec_cb_handler+0x136/0x1a0 [mlx5_core]\\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\\n mlx5_cmd_comp_handler+0x65a/0x12b0 [mlx5_core]\\n ? dump_command+0xcc0/0xcc0 [mlx5_core]\\n ? lockdep_hardirqs_on_prepare+0x400/0x400\\n ? cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\\n cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\\n atomic_notifier_call_chain+0xd7/0x1d0\\n mlx5_eq_async_int+0x3ce/0xa20 [mlx5_core]\\n atomic_notifier_call_chain+0xd7/0x1d0\\n ? irq_release+0x140/0x140 [mlx5_core]\\n irq_int_handler+0x19/0x30 [mlx5_core]\\n __handle_irq_event_percpu+0x1f2/0x620\\n handle_irq_event+0xb2/0x1d0\\n handle_edge_irq+0x21e/0xb00\\n __common_interrupt+0x79/0x1a0\\n common_interrupt+0x78/0xa0\\n \u003c/IRQ\u003e\\n \u003cTASK\u003e\\n asm_common_interrupt+0x22/0x40\\nRIP: 0010:default_idle+0x42/0x60\\nCode: c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 14 8b 05 eb 47 22 02 85 c0 7e 07 0f 00 2d e0 9f 48 00 fb f4 \u003cc3\u003e 48 c7 c7 80 08 7f 85 e8 d1 d3 3e fe eb de 66 66 2e 0f 1f 84 00\\nRSP: 0018:ffff888100dbfdf0 EFLAGS: 00000242\\nRAX: 0000000000000001 RBX: ffffffff84ecbd48 RCX: 1ffffffff0afe110\\nRDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff835cc9bc\\nRBP: 0000000000000005 R08: 0000000000000001 R09: ffff88881dec4ac3\\nR10: ffffed1103bd8958 R11: 0000017d0ca571c9 R12: 0000000000000005\\nR13: ffffffff84f024e0 R14: 0000000000000000 R15: dffffc0000000000\\n ? default_idle_call+0xcc/0x450\\n default_idle_call+0xec/0x450\\n do_idle+0x394/0x450\\n ? arch_cpu_idle_exit+0x40/0x40\\n ? do_idle+0x17/0x450\\n cpu_startup_entry+0x19/0x20\\n start_secondary+0x221/0x2b0\\n ? set_cpu_sibling_map+0x2070/0x2070\\n secondary_startup_64_no_verify+0xcd/0xdb\\n \u003c/TASK\u003e\\n\\nAllocated by task 49502:\\n kasan_save_stack+0x1e/0x40\\n __kasan_kmalloc+0x81/0xa0\\n kvmalloc_node+0x48/0xe0\\n mlx5e_bulk_async_init+0x35/0x110 [mlx5_core]\\n mlx5e_tls_priv_tx_list_cleanup+0x84/0x3e0 [mlx5_core]\\n mlx5e_ktls_cleanup_tx+0x38f/0x760 [mlx5_core]\\n mlx5e_cleanup_nic_tx+0xa7/0x100 [mlx5_core]\\n mlx5e_detach_netdev+0x1c\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0aa3ee1e4e5c9ed5dda11249450d609c3072c54e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/69dd3ad406c49aa69ce4852c15231ac56af8caf9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ab3de780c176bb91995c6166a576b370d9726e17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bacd22df95147ed673bec4692ab2d4d585935241\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bbcc06933f35651294ea1e963757502312c2171f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…