Description
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace: efx_ef10_update_stats_pf efx_net_stats dev_get_stats dev_seq_printf_stats Skipping the read is safe, we will simply give out stale stats. To ensure that the free in efx_ef10_fini_nic() does not race against efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the efx->stats_lock in fini_nic (it is already held across update_stats).
Product status
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before 91f4ef204e731565afdc6c2a7fcf509a3fd6fd67
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before 446f5567934331923d0aec4ce045e4ecb0174aae
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before 470152d76b3ed107d172ea46acc4bfa941f20b4b
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before aba32b4c58112960c0c708703ca6b44dc8944082
d3142c193dca9a2f6878f4128ce1aaf221bb3f99 (git) before d1b355438b8325a486f087e506d412c4e852f37b
5.9
Any version before 5.9
5.10.188 (semver)
5.15.121 (semver)
6.1.39 (semver)
6.3.13 (semver)
6.4.4 (semver)
6.5 (original_commit_for_fix)
References
git.kernel.org/...c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb
git.kernel.org/...c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67
git.kernel.org/...c/446f5567934331923d0aec4ce045e4ecb0174aae
git.kernel.org/...c/470152d76b3ed107d172ea46acc4bfa941f20b4b
git.kernel.org/...c/aba32b4c58112960c0c708703ca6b44dc8944082
git.kernel.org/...c/d1b355438b8325a486f087e506d412c4e852f37b
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
