CVE-2024-53120

MEDIUM

Linux Kernel 5.14-6.1.118, 5.15-5.15.173, 6.2-6.6.62, 6.7-6.11.9 - NULL Pointer Dereference

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

References (6)

Core 6

Scores

CVSS v3 5.5
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (18)
linux/Kernel 5.14.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.119linux
linux/Kernel 6.2.0 - 6.6.63linux
linux/Kernel 6.7.0 - 6.11.10linux
Linux/Linux < 5.14
Linux/Linux 5.14
Linux/Linux 5.15.174 - 5.15.*
Linux/Linux 6.1.119 - 6.1.*
Linux/Linux 6.11.10 - 6.11.*
Linux/Linux 6.12
... and 8 more
Published Dec 02, 2024
Tracked Since Feb 18, 2026