The Linux kernel's mlx4 driver is a network interface card (NIC) driver for Mellanox ConnectX adapters. This vulnerability affects the mlx4_en_create_rx_ring function, which can lead to invalid pointer dereferences if an error occurs during ring creation.
Specific version info not stated in the advisory.
To fix this vulnerability, update your Linux kernel to version 5.16 or later. You can do this by:
sudo apt-get update && sudo apt-get install linux-image-$(uname -r))Immediate mitigations:
- Restrict network access to your Mellanox ConnectX adapters (firewall them from the public internet)
- Monitor for mlx4 driver crashes or errors
- Audit system logs for suspicious mlx4-related activity