CVE-2024-53138
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 4, 2024
Updated: Dec 14, 2024
Summary
CVE-2024-53138: A page reference-counting vulnerability in the Linux kernel's net/mlx5e module has been fixed. The kTLS tx handling code takes page references with a mix of the get_page() and page_ref_inc() APIs, but the release path uses only put_page(). When the pages come from large folios, this mismatch causes the folio page to be dereferenced too many times. The issue was found during kTLS testing with sendfile() and ZC, with the served file being read from an NFS system featuring large folios support (commit 49b29a573da8).
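The imbalance described above can be reproduced in a small user-space model. This is an added example, not kernel or mlx5e code: the `model_*` helpers, `head_drift()`, the two-reference scenario and the owner baseline of 1 are assumptions made for illustration. It models get_page() and put_page() as operating on the folio's head page and page_ref_inc() as operating on the page it is given.

```c
#include <stdio.h>

#define MAX_PAGES 8

struct page {
    int refcount;       /* models page->_refcount */
    struct page *head;  /* folio head page; an order-0 page points to itself */
};

/* get_page(): the reference is stored on the folio (head) page. */
static void model_get_page(struct page *p) { p->head->refcount++; }
/* page_ref_inc(): the reference is stored directly in the given page. */
static void model_page_ref_inc(struct page *p) { p->refcount++; }
/* put_page(): the reference is dropped from the folio (head) page. */
static void model_put_page(struct page *p) { p->head->refcount--; }

/*
 * Take two references on page `idx` of an `npages`-page folio, release both
 * with put_page(), and return the head page's refcount minus its baseline.
 * 0 means balanced; negative means the folio was released too many times.
 * mixed != 0 models the mixed get_page()/page_ref_inc() acquisition.
 * Returns 1 (never a valid result here) on bad arguments.
 */
int head_drift(int npages, int idx, int mixed)
{
    struct page folio[MAX_PAGES];
    const int baseline = 1;     /* constructed: reference held by the owner */

    if (npages < 1 || npages > MAX_PAGES || idx < 0 || idx >= npages)
        return 1;
    for (int i = 0; i < npages; i++) {
        folio[i].refcount = (i == 0) ? baseline : 0;  /* tail pages hold no refs */
        folio[i].head = &folio[0];
    }
    model_get_page(&folio[idx]);
    if (mixed)
        model_page_ref_inc(&folio[idx]);
    else
        model_get_page(&folio[idx]);
    model_put_page(&folio[idx]);    /* release path uses put_page() only */
    model_put_page(&folio[idx]);
    return folio[0].refcount - baseline;
}

int main(void)
{
    printf("order-0 page, mixed:             %d\n", head_drift(1, 0, 1));
    printf("large folio tail, mixed:         %d\n", head_drift(4, 2, 1));
    printf("large folio tail, get_page only: %d\n", head_drift(4, 2, 0));
    return 0;
}
```

In the model, the mix is harmless for a single page or a folio's head page because both counters are the same field; only a non-head page of a large folio ends with the folio count below its baseline.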