PT-2024-35507 · Linux+8 · Linux Kernel+8
Published: 2024-10-22 · Updated: 2025-10-03 · CVE-2024-53042
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0-rc3-custom-gac8f72681cf2
Description
The issue is related to a suspicious RCU usage warning in the ip_tunnel_init_flow() function. There are code paths from which the function is called without holding the RCU read lock, resulting in a warning. The fix involves using l3mdev_master_upper_ifindex_by_index() to acquire the RCU read lock before calling l3mdev_master_upper_ifindex_by_index_rcu().
Recommendations
For Linux kernel versions prior to 6.12.0-rc3-custom-gac8f72681cf2, update to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the ip_tunnel_init_flow() function until a patch is available.
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu