crash in ENA driver on removing an interface
Bug #1802341 reported by
Kamal Mostafa
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Xenial |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Bionic |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Cosmic |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Disco |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
linux-aws (Ubuntu) |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Xenial |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Bionic |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Cosmic |
Fix Released
|
Undecided
|
Kamal Mostafa | ||
Disco |
Fix Released
|
Undecided
|
Kamal Mostafa |
Bug Description
Bug present in ENA since driver version 1.6; manifests as a crash only under some conditions.
In ena_remove() we have the following stack call:
ena_remove()
unregiste
ena_
Calling netif_carrier_off() causes linkwatch to try to handle the
link change event on the already unregistered netdev, which leads
to a read from an unreadable memory address.
CVE References
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu Bionic): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu Cosmic): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in linux (Ubuntu Cosmic): | |
status: | New → In Progress |
Changed in linux-aws (Ubuntu Xenial): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
status: | New → In Progress |
Changed in linux-aws (Ubuntu Bionic): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
status: | New → In Progress |
Changed in linux-aws (Ubuntu Cosmic): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
status: | New → In Progress |
Changed in linux-aws (Ubuntu Disco): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
status: | New → In Progress |
tags: | added: patch |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Cosmic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Disco): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-bionic verification-done-cosmic verification-done-xenial removed: verification-needed-bionic verification-needed-cosmic verification-needed-xenial |
Changed in linux-aws (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux-aws (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux-aws (Ubuntu Cosmic): | |
status: | In Progress → Fix Committed |
Changed in linux-aws (Ubuntu Disco): | |
status: | In Progress → Fix Committed |
tags: | added: cscc |
To post a comment you must log in.
Attached patch, developed in conjunction with the ENA dev team, fixes the problem. This patch is soon-to-be submitted upstream.