What is the severity of CVE-2024-53120?

CVE-2024-53120 is classified with a severity that indicates a potential impact on system stability due to a null pointer dereference in the Linux kernel.

How do I fix CVE-2024-53120?

To fix CVE-2024-53120, update your Linux kernel to a patched version that addresses this vulnerability.

Which versions of the Linux kernel are affected by CVE-2024-53120?

CVE-2024-53120 affects multiple versions of the Linux kernel, specifically versions between 5.14 and 6.1.119, 6.2 and 6.6.63, and several release candidates of 6.12.

What systems are vulnerable to CVE-2024-53120?

Systems running vulnerable versions of the Linux kernel, particularly in environments using the mlx5e driver, are at risk for CVE-2024-53120.

Is CVE-2024-53120 remote or local vulnerability?

CVE-2024-53120 is considered a local vulnerability as it requires local access to exploit the null pointer dereference in the affected kernel code.

Vulnerability/
CVE-2024-53120

medium

5.5

CWE

476

2/12/2024

19/12/2024

CVE-2024-53120: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

First published: Mon Dec 02 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=5.14<6.1.119
Linux Kernel	>=6.2<6.6.63
Linux Kernel	>=6.7<6.11.10
Linux Kernel	=6.12-rc1
Linux Kernel	=6.12-rc2
Linux Kernel	=6.12-rc3
Linux Kernel	=6.12-rc4
Linux Kernel	=6.12-rc5
Linux Kernel	=6.12-rc6
Linux Kernel	=6.12-rc7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-53120?
CVE-2024-53120 is classified with a severity that indicates a potential impact on system stability due to a null pointer dereference in the Linux kernel.
How do I fix CVE-2024-53120?
To fix CVE-2024-53120, update your Linux kernel to a patched version that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-53120?
CVE-2024-53120 affects multiple versions of the Linux kernel, specifically versions between 5.14 and 6.1.119, 6.2 and 6.6.63, and several release candidates of 6.12.
What systems are vulnerable to CVE-2024-53120?
Systems running vulnerable versions of the Linux kernel, particularly in environments using the mlx5e driver, are at risk for CVE-2024-53120.
Is CVE-2024-53120 remote or local vulnerability?
CVE-2024-53120 is considered a local vulnerability as it requires local access to exploit the null pointer dereference in the affected kernel code.

agent/title
agent/description
agent/type
agent/first-publish-date
agent/author
agent/event
agent/remedy
agent/severity
agent/softwarecombine
agent/references
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/5.14
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.12-rc1
version/linux kernel/6.12-rc2
version/linux kernel/6.12-rc3
version/linux kernel/6.12-rc4
version/linux kernel/6.12-rc5
version/linux kernel/6.12-rc6
version/linux kernel/6.12-rc7

Frequently Asked Questions

What is the severity of CVE-2024-53120?
CVE-2024-53120 is classified with a severity that indicates a potential impact on system stability due to a null pointer dereference in the Linux kernel.
How do I fix CVE-2024-53120?
To fix CVE-2024-53120, update your Linux kernel to a patched version that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-53120?
CVE-2024-53120 affects multiple versions of the Linux kernel, specifically versions between 5.14 and 6.1.119, 6.2 and 6.6.63, and several release candidates of 6.12.
What systems are vulnerable to CVE-2024-53120?
Systems running vulnerable versions of the Linux kernel, particularly in environments using the mlx5e driver, are at risk for CVE-2024-53120.
Is CVE-2024-53120 remote or local vulnerability?
CVE-2024-53120 is considered a local vulnerability as it requires local access to exploit the null pointer dereference in the affected kernel code.

CVE-2024-53120: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-53120?

How do I fix CVE-2024-53120?

Which versions of the Linux kernel are affected by CVE-2024-53120?

What systems are vulnerable to CVE-2024-53120?

Is CVE-2024-53120 remote or local vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-53120?

How do I fix CVE-2024-53120?

Which versions of the Linux kernel are affected by CVE-2024-53120?

What systems are vulnerable to CVE-2024-53120?

Is CVE-2024-53120 remote or local vulnerability?