| The vulnerability, identified as CVE-2021-46916, affects the ixgbe driver in the Linux kernel. Specifically, it occurs when performing the ethtool loopback test, which causes a NULL pointer dereference. This happens because there is no q_vector associated with the test ring when it is set up, and interrupts are not normally added to the test rings. |
| |
| The issue arises due to the lack of a q_vector check before returning a napi_id value. To fix this, code has been added to check for a q_vector before returning a napi_id value. If a q_vector is not present, it will return a value of 0, preventing the NULL pointer dereference. |
| |
| The vulnerability was introduced in kernel version 5.11 with commit b02e5a0ebb17 and fixed in versions 5.11.16 with commit 758d19098df4 and 5.12 with commit 31166efb1cee. The affected file is `drivers/net/ethernet/intel/ixgbe/ixgbe_main.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version or applying the individual commits that fix the issue. |
| |
