| The vulnerability CVE-2021-46948 affects the Linux kernel's `sfc` driver, specifically in the `farch.c` file. The issue arises from incorrect TX queue lookup in TX event handling, where the function `efx_channel_get_tx_queue()` is used with a TXQ label instead of a TXQ type, which can return NULL and lead to panics. |
| |
| The problem occurs because the code starts from a TXQ label, not a TXQ type, making the `efx_channel_get_tx_queue()` function inappropriate for this context. This vulnerability was introduced in kernel version 5.10 with commit 12804793b17c and has been fixed in various kernel versions, including 5.10.36, 5.11.20, 5.12.3, and 5.13. |
| |
| The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking commits is not supported by the Linux kernel community. However, if updating is impossible, the individual changes to fix this issue can be found in the specified commit hashes. |
| |
