Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]net/mlx5e: Disable MACsec offload for uplink representor profile[EOL][EOL]MACsec offload is not supported in switchdev mode for uplink[EOL]representors. When switching to the uplink representor profile, the[EOL]MACsec offload feature must be cleared from the netdevice's features.[EOL][EOL]If left enabled, attempts to add offloads result in a null pointer[EOL]dereference, as the uplink representor does not support MACsec offload[EOL]even though the feature bit remains set.[EOL][EOL]Clear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().[EOL][EOL]Kernel log:[EOL][EOL]Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN[EOL]KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f][EOL]CPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1[EOL]Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014[EOL]RIP: 0010:__mutex_lock+0x128/0x1dd0[EOL]Code: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff[EOL]RSP: 0018:ffff888147a4f160 EFLAGS: 00010206[EOL]RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001[EOL]RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078[EOL]RBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000[EOL]R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000[EOL]R13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000[EOL]FS:  00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000[EOL]CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033[EOL]CR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0[EOL]DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000[EOL]DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400[EOL]Call Trace:[EOL] <TASK>[EOL] ? die_addr+0x3d/0xa0[EOL] ? exc_general_protection+0x144/0x220[EOL] ? asm_exc_general_protection+0x22/0x30[EOL] ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core][EOL] ? __mutex_lock+0x128/0x1dd0[EOL] ? lockdep_set_lock_cmp_fn+0x190/0x190[EOL] ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core][EOL] ? mutex_lock_io_nested+0x1ae0/0x1ae0[EOL] ? lock_acquire+0x1c2/0x530[EOL] ? macsec_upd_offload+0x145/0x380[EOL] ? lockdep_hardirqs_on_prepare+0x400/0x400[EOL] ? kasan_save_stack+0x30/0x40[EOL] ? kasan_save_stack+0x20/0x40[EOL] ? kasan_save_track+0x10/0x30[EOL] ? __kasan_kmalloc+0x77/0x90[EOL] ? __kmalloc_noprof+0x249/0x6b0[EOL] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240[EOL] ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core][EOL] mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core][EOL] ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core][EOL] macsec_update_offload+0x26c/0x820[EOL] ? macsec_set_mac_address+0x4b0/0x4b0[EOL] ? lockdep_hardirqs_on_prepare+0x284/0x400[EOL] ? _raw_spin_unlock_irqrestore+0x47/0x50[EOL] macsec_upd_offload+0x2c8/0x380[EOL] ? macsec_update_offload+0x820/0x820[EOL] ? __nla_parse+0x22/0x30[EOL] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240[EOL] genl_family_rcv_msg_doit+0x1cc/0x2a0[EOL] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240[EOL] ? cap_capable+0xd4/0x330[EOL] genl_rcv_msg+0x3ea/0x670[EOL] ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0[EOL] ? lockdep_set_lock_cmp_fn+0x190/0x190[EOL] ? macsec_update_offload+0x820/0x820[EOL] netlink_rcv_skb+0x12b/0x390[EOL] ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0[EOL] ? netlink_ack+0xd80/0xd80[EOL] ? rwsem_down_read_slowpath+0xf90/0xf90[EOL] ? netlink_deliver_tap+0xcd/0xac0[EOL] ? netlink_deliver_tap+0x155/0xac0[EOL] ? _copy_from_iter+0x1bb/0x12c0[EOL] genl_rcv+0x24/0x40[EOL] netlink_unicast+0x440/0x700[EOL] ? netlink_attachskb+0x760/0x760[EOL] ? lock_acquire+0x1c2/0x530[EOL] ? __might_fault+0xbb/0x170[EOL] netlink_sendmsg+0x749/0xc10[EOL] ? netlink_unicast+0x700/0x700[EOL] ? __might_fault+0xbb/0x170[EOL] ? netlink_unicast+0x700/0x700[EOL] __sock_sendmsg+0xc5/0x190[EOL] ____sys_sendmsg+0x53f/0x760[EOL] ? import_iovec+0x7/0x10[EOL] ? kernel_sendmsg+0x30/0x30[EOL] ? __copy_msghdr+0x3c0/0x3c0[EOL] ? filter_irq_stacks+0x90/0x90[EOL] ? stack_depot_save_flags+0x28/0xa30[EOL] ___sys_sen[EOL]---truncated---

CREATE(Triage):(User=lchen-cn) [CVE-2025-38020 (https://nvd.nist.gov/vuln/detail/CVE-2025-38020)