Description
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace: efx_ef10_update_stats_pf efx_net_stats dev_get_stats dev_seq_printf_stats Skipping the read is safe, we will simply give out stale stats. To ensure that the free in efx_ef10_fini_nic() does not race against efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the efx->stats_lock in fini_nic (it is already held across update_stats).
INFO
Published Date :
2025-12-24T13:07:06.043Z
Last Modified :
2025-12-24T13:07:06.043Z
Source :
Linux
AFFECTED PRODUCTS
The following products are affected by CVE-2023-54156 vulnerability.
| Vendors | Products |
|---|---|
| Linux |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2023-54156.
