Impact
A buffer size miscalculation in the mlx5_query_nic_vport_mac_list function can cause a slab‑out‑of‑bounds read when a virtual function vport is configured with a maximum MAC list larger than the firmware reports. The overflow allows the kernel to read beyond the allocated buffer, exposing kernel memory and providing a foothold for privilege escalation or arbitrary code execution. The bug is a classic buffer overflow that occurs during query operations.
Affected Systems
The flaw resides in the Linux kernel’s Mellanox mlx5 driver and affects all kernel releases that ship the unpatched driver, regardless of distribution. Any system running a kernel version that has not yet incorporated the fix for this issue is impacted, including the 7.0.0-rc6 release referenced in the advisory.
Risk and Exploitability
The advisory lists an EPSS score of <1% and indicates that the vulnerability is not listed in the CISA KEV catalog, suggesting that no active exploitation has been observed in the wild. The CVSS score of 8.7 indicates high severity. Based on the description, the likely attack vector involves controlling devlink settings for a Mellanox device or exploiting a remote management interface exposed by the device, which can be achieved by local privileged processes or remote attacks. The potential impact ranges from denial of service to full kernel compromise, depending on whether the attacker can successfully trigger the overflow to read or corrupt kernel memory.
OpenCVE Enrichment