5.5
CVE-2024-53120
- EPSS 0.24%
- Veröffentlicht 02.12.2024 14:15:12
- Zuletzt bearbeitet 03.11.2025 23:17:21
- CVE-Watchlists
- Unerledigt
net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.14 < 6.1.119
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.63
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.10
Linux ≫ Linux Kernel Version6.12 Updaterc1
Linux ≫ Linux Kernel Version6.12 Updaterc2
Linux ≫ Linux Kernel Version6.12 Updaterc3
Linux ≫ Linux Kernel Version6.12 Updaterc4
Linux ≫ Linux Kernel Version6.12 Updaterc5
Linux ≫ Linux Kernel Version6.12 Updaterc6
Linux ≫ Linux Kernel Version6.12 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.144 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359
https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f
https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e
https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c
https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html