CVE-2025-39979

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: fs, fix UAF in flow counter release

Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte(), where the HWS action refcount and mutex were not initialized and the counter struct could already be freed when deleting the rule.

Fix it by adding the missing initializations and adding refcount for the local flow counter struct.

[1] Kernel log: Call Trace: <TASK> dumpstacklvl+0x34/0x48 mlx5fsputhwsaction.part.0.cold+0x21/0x94 [mlx5core] mlx5fcputhwsaction+0x96/0xad [mlx5core] mlx5fsdestroyfsactions+0x8b/0x152 [mlx5core] mlx5cmdhwsdeletefte+0x5a/0xa0 [mlx5core] delhwfte+0x1ce/0x260 [mlx5core] mlx5delflowrules+0x12d/0x240 [mlx5core] ? ttwuqueuewakelist+0xf4/0x110 mlx5ibdestroyflow+0x103/0x1b0 [mlx5ib] uverbsfreeflow+0x20/0x50 [ibuverbs] destroyhwidruobject+0x1b/0x50 [ibuverbs] uverbsdestroyuobject+0x34/0x1a0 [ibuverbs] uobjdestroy+0x3c/0x80 [ibuverbs] ibuverbsrunmethod+0x23e/0x360 [ibuverbs] ? uverbsfinalizeobject+0x60/0x60 [ibuverbs] ibuverbscmdverbs+0x14f/0x2c0 [ibuverbs] ? dottywrite+0x1a9/0x270 ? filettywrite.constprop.0+0x98/0xc0 ? newsyncwrite+0xfc/0x190 ibuverbsioctl+0xd7/0x160 [ibuverbs] _x64sysioctl+0x87/0xc0 dosyscall64+0x59/0x90