Linux · Linux Kernel · CVE-2024-50000
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A NULL pointer dereference has been found in the Linux kernel, specifically in the `mlx5e_tir_builder_alloc()` function. The issue occurs when `kvzalloc()` returns NULL and the returned pointer is then dereferenced to access the `modify` field. The Linux Verification Center (linuxtesting.org) discovered this issue using SVACE.
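The pattern described above next to its checked form, as an added userspace model (not the kernel's or the driver's code). `model_kvzalloc`, `struct tir_builder`, `configure_tir` and the `fail_alloc` fault-injection flag are hypothetical stand-ins; only `kvzalloc()` and the `modify` field come from the description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static bool fail_alloc;   /* fault injection: simulate memory pressure */

/* Userspace stand-in for kvzalloc(): zeroed memory, or NULL on failure. */
static void *model_kvzalloc(size_t size)
{
    return fail_alloc ? NULL : calloc(1, size);
}

struct tir_builder { bool modify; };   /* constructed; only "modify" is from the page */

/* Pattern from the description: result used without a check. Not called here. */
struct tir_builder *builder_alloc_unchecked(bool modify)
{
    struct tir_builder *b = model_kvzalloc(sizeof(*b));
    b->modify = modify;   /* NULL dereference when the allocation fails */
    return b;
}

/* Checked form: report the failure and leave the decision to the caller. */
struct tir_builder *builder_alloc_checked(bool modify)
{
    struct tir_builder *b = model_kvzalloc(sizeof(*b));
    if (!b)
        return NULL;
    b->modify = modify;
    return b;
}

/* Hypothetical caller: maps a NULL builder to -ENOMEM instead of crashing. */
int configure_tir(bool modify, bool inject_failure)
{
    fail_alloc = inject_failure;
    struct tir_builder *b = builder_alloc_checked(modify);
    if (!b)
        return -ENOMEM;
    free(b);
    return 0;
}

int main(void)
{
    printf("normal=%d failure=%d\n", configure_tir(true, false), configure_tir(true, true));
    return 0;
}
```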
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the `mlx5e_tir_builder_alloc()` function until a patch is available.