CVE-2024-53126

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 4, 2024
Updated: Dec 11, 2024

Summary

CVE-2024-53126 is a vulnerability affecting the Linux kernel's vdpa driver developed by SolidRun. The issue lies in the functions psnet_open_pf_bar() and snet_open_vf_bar(), where a string is placed on the stack prior to being passed to pcim_iomap_regions(). Since pcim_iomap_regions() and the functions it calls do not copy the string, using it later results in undefined behavior due to the stack frame disappearing. This vulnerability has been mitigated by allocating the strings on the heap using devm_kasprintf().

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share