PT-2024-10319 · Linux+3 · Linux Kernel+3

Jianbo Liu

·

Published

2024-10-21

·

Updated

2025-04-01

·

CVE-2024-49953

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description The issue is related to the xfrm state delete() function in the Linux kernel, which can cause a crash when called twice. This happens because the km.state is not checked in the driver's delayed work, allowing the state to be reset to XFRM STATE EXPIRED even if it is already XFRM STATE DEAD. To fix this, the xfrm state check expire() function is skipped if km.state is not XFRM STATE VALID. The vulnerability can be exploited to cause a denial of service.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the xfrm state delete() function until a patch is available. Restrict access to the vulnerable mlx5e ipsec handle sw limits function to minimize the risk of exploitation. Avoid using the xfrm state check expire() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-672

Related Identifiers

BDU:2025-00771
CVE-2024-49953
MGASA-2024-0344
MGASA-2024-0345
OESA-2025-1097
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Linuxmint
Linux Kernel
Suse
Ubuntu