Message-ID: <CACKFLins__qAd=RrSGLXf+2_rf-VWbodqEaoMAZZJoU69Uw7=w@mail.gmail.com>
Date: Tue, 26 Aug 2025 16:32:10 -0700
From: Michael Chan <michael.chan@...adcom.com>
To: qianjiaru77@...il.com
Cc: pavan.chebbi@...adcom.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, andrew+netdev@...n.ch,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] VF Resource State Inconsistency Vulnerability in Linux bnxt_en Driver

On Tue, Aug 26, 2025 at 9:25 AM <qianjiaru77@...il.com> wrote:
> ## Root Cause Analysis
>
> The vulnerability exists in the VF resource reservation logic
> where older firmware versions receive incomplete state updates.
>
> ## Vulnerability Mechanism
>
> 1. **Incomplete State Update**:
> Old firmware path only updates `resv_tx_rings`,
> ignoring other critical fields
> 2. **Missing Hardware Sync**:
> No call to `bnxt_hwrm_get_rings()` to sync complete state
> 3. **Inconsistent Resource Records**:
> `bp->hw_resc` structure contains stale/inconsistent values
> 4. **False Success**:
> Returns success without performing actual hardware resource reservation
>
I will review the driver's code path (!BNXT_NEW_RM(bp)) to support the
older FW that only requires reservations for the TX rings. This FW is
generally about 7 years old. More recently added code may not handle
this code path correctly and may have the issue that you pointed out.
Thanks.