In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a potential double-free in fs_any_create_groups
When kcalloc() for ft->g succeeds but kvzalloc() for in fails,
fs_any_create_groups() will free ft->g. However, its caller
fs_any_create_table() will free ft->g again through calling
mlx5e_destroy_flow_table(), which will lead to a double-free.
Fix this by setting ft->g to NULL in fs_any_create_groups().
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c"
],
"versions": [
{
"version": "0f575c20bf06",
"lessThan": "72a729868592",
"status": "affected",
"versionType": "git"
},
{
"version": "0f575c20bf06",
"lessThan": "b2fa86b2aceb",
"status": "affected",
"versionType": "git"
},
{
"version": "0f575c20bf06",
"lessThan": "2897c981ee63",
"status": "affected",
"versionType": "git"
},
{
"version": "0f575c20bf06",
"lessThan": "65a4ade8a6d2",
"status": "affected",
"versionType": "git"
},
{
"version": "0f575c20bf06",
"lessThan": "aef855df7e1b",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c"
],
"versions": [
{
"version": "5.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8
git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779
git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1
git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e
git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe