CVE-2024-53042
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53042 is a vulnerability affecting the Linux kernel's IPv4 ip_tunnel module. Some code paths call ip_tunnel_init_flow() without holding the RCU read lock, which leads to a suspicious RCU usage warning. This can potentially cause unintended behavior and pose a security risk. The vulnerability has been mitigated by using l3mdev_master_upper_ifindex_by_index(), which acquires the RCU read lock before calling l3mdev_master_upper_ifindex_by_index_rcu(). The warning was observed in kernel version 6.12.0-rc3-custom-gac8f72681cf2, and further investigation revealed that the RCU scheduler was active and that the offending lock was held by the 'ip' process.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX