CVE-2024-53120 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8
EPSS
0.0%
top 99.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 26
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()
callback returns error, zone_rule->attr is used uninitiated. Fix it to
use attr which has the needed pointer value.
Kernel log:
BUG: kernel NULL pointer dereference, address: 0000000000000110
RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]
…
Call Trace:
? __die+0x20/0x70
? page_fault_oops+0x1…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6