5.5

CVE-2024-50000

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.168
LinuxLinux Kernel Version >= 5.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.55
LinuxLinux Kernel Version >= 6.7 < 6.10.14
LinuxLinux Kernel Version >= 6.11 < 6.11.3
LinuxLinux Kernel Version6.12 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca
Patch
https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932
Patch
https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff
Patch
https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2
Patch
https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b
Patch
https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html