CVE-2024-50297

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 27, 2024
CWE ID 362

Summary

[CVE-2024-50297] The Linux kernel contains a vulnerability in the axienet driver for Xilinx devices. This issue is related to enqueueing Tx packets in the data queueing list (dql) before the dmaengine starts. A race condition occurs as a result, causing the kernel to crash during an iperf stress test. The crash is characterized by a BUG report with an internal error, and is traced back to the dql_completed function. Resolving this vulnerability involves starting the dmaengine after enqueueing in dql to prevent the race condition and subsequent crash.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share