Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Collect command failures data only for known commands
DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn’t create a storage for this command, since mlx5 doesn’t use it. This lead to array-index-out-of-bounds error.
Fix it by checking whether the command is known before collecting the failure data.
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , TuxCare 9.6 ESU
- Affected packages:
- kernel @ 5.14.0 (+4 more)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Collect command failures data only for known commands
DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn’t create a storage for this command, since mlx5 doesn’t use it. This lead to array-index-out-of-bounds error.
Fix it by checking whether the command is known before collecting the failure data.