CVE-2024-53240: NULL Pointer Dereference in Linux

Severity: 5.7 MEDIUM (NVD)
EPSS: 0.0% (top 88.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24 | Latest update Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

xen/netfront: fix crash when removing device

When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them.

This is XSA-465 / CVE-2024-53240.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.1 | Impact: 3.6

Affected Packages (5 packages)

NVD | linux/linux_kernel | 4.19.269 | 4.20 | +9
Debian | linux/linux_kernel | < 5.10.234-1 | +3
CVEListV5 | linux/linux | ed773dd798bf720756d20021b8d8a4a3d7184bda | 20f7f0cf7af5d81b218202ef504223af84b16a8f | +9
debian | debian/linux | < linux 6.1.123-1 (bookworm)
debian | debian/linux-6.1 | < linux 6.1.123-1 (bookworm)

Patches

Vulnerability Details (3)

GHSA | GHSA-prjx-w4x5-gf5v: In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device dir | 2024-12-24
OSV | CVE-2024-53240: In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device direc | 2024-12-24
Kernel | xen/netfront: fix crash when removing device | 2024-11-07

Vendor Advisories (3)

CISA ICS | Siemens Third-Party Components in SINEC OS | 2025-08-14
Red Hat | kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465) | 2024-12-17
Debian | CVE-2024-53240: linux - In the Linux kernel, the following vulnerability has been resolved: xen/netfron... | 2024