CVE-2024-43864

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) Upstream kernel versions prior to 6.6.50

Description The issue is related to the net/mlx5e module in the Linux kernel, where a vulnerability has been resolved by fixing CT entry update leaks of modify header context. When updating a CT entry, a new modify header is allocated to replace the old one. However, if the allocation fails, the modify header becomes an error pointer, triggering a panic when deallocated. The old modify header point is copied to old attr, and when the old attr is freed, the old modify header is lost. The fix restores the old attr to attr when the allocation of a new modify header context fails, ensuring the correct modify header context is freed when the CT entry is freed.

Recommendations Update to upstream kernel version 6.6.50 or later to resolve the issue. As a temporary workaround, consider disabling the net/mlx5e module until a patch is available. Restrict access to the CT entry update functionality to minimize the risk of exploitation.