CVE-2024-53113
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53113 is a Linux kernel vulnerability in which a NULL pointer dereference occurs in alloc_pages_bulk_noprof() while a task is being migrated between different cpusets. The issue arises when ac->nodemask is modified concurrently in prepare_alloc_pages(), leaving ac->preferred_zoneref pointing to a NULL zone. This results in a NULL pointer dereference when for_each_zone_zonelist_nodemask() is called in alloc_pages_bulk_noprof(). The issue has been resolved through commits a57485af8f4 and df76cee6bbeb in the Linux kernel, which add checks to prevent the NULL pointer dereference. To mitigate this vulnerability, it is recommended to check for NULL pointers in preferred_zoneref->zone.
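The following user-space C model is an added illustration, not kernel code and not taken from the fixing commits; it shows how a nodemask that changes during the zonelist scan leaves the preferred zoneref on the NULL terminator, and how the recommended NULL check turns that into a clean failure. The two-node layout, the mask sequence and the names `read_nodemask`, `first_allowed_zoneref` and `preferred_node_checked` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model (assumption); not the kernel's definitions. */
struct zone { int node; };
struct zoneref { struct zone *zone; };   /* zone == NULL terminates the list */

static struct zone zones[2] = { { 0 }, { 1 } };
static struct zoneref zonelist[3] = { { &zones[0] }, { &zones[1] }, { NULL } };

/* Constructed stand-in for a nodemask rewritten by another thread mid-scan:
 * each read returns the next value of a fixed sequence (last value repeats). */
static const unsigned long *mask_seq;
static size_t mask_len, mask_pos;

static unsigned long read_nodemask(void)
{
    unsigned long m = mask_seq[mask_pos];
    if (mask_pos + 1 < mask_len)
        mask_pos++;
    return m;
}

/* First zoneref whose node is allowed by the mask, else the NULL terminator. */
static struct zoneref *first_allowed_zoneref(void)
{
    struct zoneref *z = zonelist;
    while (z->zone && !(read_nodemask() & (1UL << z->zone->node)))
        z++;
    return z;
}

/* Hardened consumer: returns the preferred node id, or -1 if no zone matched. */
static int preferred_node_checked(const unsigned long *seq, size_t len)
{
    mask_seq = seq; mask_len = len; mask_pos = 0;
    struct zoneref *preferred = first_allowed_zoneref();
    if (!preferred->zone)        /* NULL check on preferred_zoneref->zone */
        return -1;               /* without it, ->zone->node would fault */
    return preferred->zone->node;
}

int main(void)
{
    const unsigned long racing[] = { 0x2UL, 0x1UL }; /* mask flips mid-scan */
    const unsigned long stable[] = { 0x2UL };        /* only node 1 allowed */
    printf("racing mask -> %d\n", preferred_node_checked(racing, 2));
    printf("stable mask -> %d\n", preferred_node_checked(stable, 1));
    return 0;
}
```

Each mask value in the racing sequence permits one node on its own, yet the scan matches neither because the mask differs at each step.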