CVE-2024-26724

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc2jiri+

Description: The vulnerability is related to a use-after-free issue in the mlx5 dpll remove function, which can cause a denial-of-service. The issue occurs when a delayed work timer is triggered, allowing an attacker to exploit the vulnerability. The estimated number of potentially affected devices is not specified.

Recommendations: To resolve the issue, update the Linux kernel to version 6.8.0-rc2jiri or later. As a temporary workaround, consider disabling the mlx5 dpll remove function until a patch is available. Restrict access to the vulnerable module mlx5 dpll to minimize the risk of exploitation. Avoid using the mlx5 dpll probe function in the affected API endpoint until the issue is resolved.