CVE-2024-53110

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 11, 2024

Summary

CVE-2024-53110 is a recently identified vulnerability in the Linux kernel. It affects the vp_vdpa component and stems from the id_table array not being null-terminated. As a result, the vdpa_mgmtdev_get_classes() function may iterate beyond the array's defined memory, leading to undefined behavior. The fix allocates one extra null terminator entry for virtio_device_id, which ensures proper array termination and prevents potential memory access violations.
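The following user-space C model is an added example, not the kernel's code: it shows why a sentinel-terminated ID table needs one slot more than the number of real entries. The struct layout, the function names `collect_classes` and `walk_table`, the class bitmask and the sample device ID are assumptions made for the model; the walk is bounds-checked so it reports the missing terminator instead of reading past the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space stand-in for the kernel structure (assumed layout). */
struct virtio_device_id { uint32_t device; uint32_t vendor; };

/*
 * Bounds-checked model of a sentinel walk: collect a class bitmask until an
 * entry with device == 0 is seen. Returns 0 when the terminator lies inside
 * the allocation, -1 when an unchecked walk would have to read past it.
 */
int collect_classes(const struct virtio_device_id *tbl, size_t capacity,
                    uint64_t *classes)
{
    *classes = 0;
    for (size_t i = 0; i < capacity; i++) {
        if (tbl[i].device == 0)
            return 0;                       /* terminator found in bounds */
        if (tbl[i].device <= 63)
            *classes |= 1ULL << tbl[i].device;
    }
    return -1;                              /* no terminator in the allocation */
}

/* Allocate `entries` zeroed slots, fill slot 0 with one device ID, walk it. */
int walk_table(size_t entries, uint32_t device, uint64_t *classes)
{
    struct virtio_device_id *tbl = calloc(entries, sizeof(*tbl));
    if (!tbl)
        return -2;
    tbl[0].device = device;                 /* constructed sample value */
    tbl[0].vendor = 0xffffffffu;            /* constructed: match any vendor */
    int rc = collect_classes(tbl, entries, classes);
    free(tbl);
    return rc;
}

int main(void)
{
    uint64_t classes;
    int one = walk_table(1, 1, &classes);   /* pre-fix shape: no sentinel slot */
    int two = walk_table(2, 1, &classes);   /* post-fix shape: extra zeroed slot */
    printf("1 slot: rc=%d, 2 slots: rc=%d\n", one, two);
    return 0;
}
```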
