CVE-2024-44933: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's bnxt_en driver affecting the handling of RSS (Receive Side Scaling) indirection tables. The issue occurs when using older firmware that doesn't require RX ring reservations, where hw_resc->resv_rx_rings is not always set to the proper value. This can lead to an out-of-bounds memory access in bnxt_fill_hw_rss_tbl() function (Kernel Git).

The vulnerability stems from a logic error in the __bnxt_reserve_rings() function where the comparison 'if (old_rx_rings != bp->hw_resc.resv_rx_rings)' may incorrectly evaluate to false even when RX rings are changing. This causes the function to skip setting the default RSS indirection table, which later results in bnxt_fill_hw_rss_tbl() using an out-of-range index. The issue affects systems using older firmware where BNXT_NEW_RM() returns false. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability can cause a kernel memory out-of-bounds access, leading to system crashes and potential denial of service. This is evidenced by KASAN (Kernel Address Sanitizer) reports showing slab-out-of-bounds access in the __bnxt_hwrm_vnic_set_rss function (Kernel Git).

The issue has been fixed by moving the bnxt_check_rss_tbl_no_rmgr() call up in bnxt_need_reserve_rings() to be called unconditionally when using older firmware. The fix ensures proper handling of RSS indirection tables regardless of firmware version. Users are advised to update to patched kernel versions that include this fix (Kernel Git).