PT-2024-32740 · Linux+4 · Linux Kernel+4

Dragos Tatulea

Published

2024-08-27

Updated

2025-09-29

CVE-2024-47687

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-496.el9.x86 64

Description The Linux kernel has a vulnerability in the vdpa/mlx5 module, where certain error paths from mlx5 vdpa dev add() can release mr resources that were never initialized. This issue is resolved by adding a missing check in mlx5 vdpa destroy mr resources() to block the release of non-initialized mr resources. The vulnerability can cause a kernel NULL pointer dereference.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2025-02965

CVE-2024-47687

INFSA-2025_6966

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2025:14705-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-7276-1

USN-7277-1

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

Affected Products

Linuxmint

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2024-32740 · Linux+4 · Linux Kernel+4

CVE-2024-47687

Weakness Enumeration

Related Identifiers

Affected Products

References · 2152