CVE-2024-53120

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 14, 2024
CWE ID 476

Summary

CVE-2024-53120 is a Linux kernel vulnerability in the net/mlx5e driver. In the error flow of the add-rule path in the mlx5_tc_ct_entry_add_rule() function, an uninitialized pointer can result in a NULL pointer dereference. This can lead to a kernel panic and potential system instability. The vulnerability affects mlx5_core and is triggered when ct_rule_add() calls its callback with an error. The kernel log shows the NULL pointer dereference at address 0000000000000110, with the RIP pointing to mlx5_tc_ct_entry_add_rule+0x2b1. The call trace indicates that this function is used in nf_flow_offload and nf_flow_table, potentially impacting network traffic handling.
