CVE-2024-53121

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 14, 2024
CWE ID 362

Summary

CVE-2024-53121 is a vulnerability discovered in the Linux kernel's net/mlx5 module. The issue arises from a race condition in the process of deleting Flow Table Entries (FTEs), which can lead to a panic. This vulnerability is caused by fs_core setting the hardware deletion function to NULL prematurely during simultaneous rule deletions. To mitigate this, ensure that the active flag of the FTE is checked under a lock to prevent newly attached rules from being added to an FTE in the process of deletion. This issue resulted in a warning message and memory leak during the mlx5_del_flow_rules function execution.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share