CVE-2024-53044

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Nov 19, 2024
Updated: Nov 27, 2024

Summary

CVE-2024-53044: A vulnerability in the Linux kernel net/sched component causes the operation to fail when the ingress and egress blocks of a clsact qdisc are set to the same index. The issue occurs because the same &q->ingress_block pointer is used for both the ingress and egress blocks, so the dev is added to the block->ports xarray twice when tcf_block_get_ext() is called. The failure can only be recovered from by rebooting the system or by unbinding and rebinding the net device driver. To rectify the bug, the correct error teardown path needs to be filled in, and tcf_block_offload_unbind() should be called when xa_insert() fails. The label naming convention in tcf_block_get_ext() is also criticized for contributing to the issue.
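The summary's point about the error teardown path can be seen in a small user-space model, added here as an illustration (it is not kernel code and not the upstream patch). All identifiers are hypothetical, and the model assumes the driver refuses a new bind while an earlier one for the same direction is still outstanding.

```c
/* User-space model, not kernel code. Every identifier here is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum { INGRESS, EGRESS, NDIR };
struct model_dev   { bool bound[NDIR]; };             /* driver-side offload bind state */
struct model_block { const struct model_dev *port; }; /* one slot standing in for block->ports */
static struct model_block blocks[8];                  /* indexed by block index */

static int block_get(struct model_dev *dev, int dir, unsigned idx, bool fixed)
{
    if (dev->bound[dir])
        return -EBUSY;               /* assumption: driver refuses a second bind */
    dev->bound[dir] = true;          /* offload bind */
    if (blocks[idx].port) {          /* insert refused: entry already occupied */
        if (fixed)
            dev->bound[dir] = false; /* teardown: unbind when the insert fails */
        return -EBUSY;
    }
    blocks[idx].port = dev;
    return 0;
}

static void block_put(struct model_dev *dev, int dir, unsigned idx)
{
    blocks[idx].port = NULL;
    dev->bound[dir] = false;
}

static int clsact_setup(struct model_dev *dev, unsigned in_idx, unsigned eg_idx, bool fixed)
{
    int err = block_get(dev, INGRESS, in_idx, fixed);
    if (err)
        return err;
    err = block_get(dev, EGRESS, eg_idx, fixed);
    if (err)
        block_put(dev, INGRESS, in_idx); /* undo the half that succeeded */
    return err;
}

/* Request index 1 for both blocks, then retry with distinct indices. */
static int retry_after_same_index(bool fixed)
{
    struct model_dev dev = { { false, false } };
    memset(blocks, 0, sizeof(blocks));
    (void)clsact_setup(&dev, 1, 1, fixed);   /* fails with -EBUSY either way */
    return clsact_setup(&dev, 1, 2, fixed);  /* -EBUSY if the bind leaked, else 0 */
}
```

Without the unbind on the failed insert, the egress bind stays recorded after the first attempt, so even a corrected request keeps failing until that state is reset.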
