CVE-2024-53121
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53121 is a vulnerability discovered in the Linux kernel's net/mlx5 module. The issue arises from a race condition in the process of deleting Flow Table Entries (FTEs), which can lead to a panic. This vulnerability is caused by fs_core setting the hardware deletion function to NULL prematurely during simultaneous rule deletions. To mitigate this, ensure that the active flag of the FTE is checked under a lock to prevent newly attached rules from being added to an FTE in the process of deletion. This issue resulted in a warning message and memory leak during the mlx5_del_flow_rules function execution.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.