PT-2024-35528 · Linux+8 · Linux Kernel+8

Published: 2024-11-04 · Updated: 2026-04-20 · CVE-2024-53064

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability has been identified in the Linux kernel, in the idpf vc core init error path. When the platform running the device control plane is rebooted, the driver releases all resources and waits for the reset to complete. If the device control plane has not yet started after the reset, the driver times out on the virtchnl message and retries establishing the mailbox. The retry accesses the already released control queue, which results in a NULL pointer dereference. The root cause is that the mailbox is deinitialized while the mailbox workqueue is still alive and polling for the mailbox message.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025:9580
ALSA-2025:9581
ALSA-2025_16880
ALT-PU-2024-17211
BDU:2025-15032
CESA-2025_9580
CESA-2025_9581
CVE-2024-53064
INFSA-2025_9580
INFSA-2025_9581
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
OPENSUSE-SU-2025_1195-1
RHSA-2025:9580
RHSA-2025:9581
RHSA-2025_9580
RHSA-2025_9581
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1195-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_1195-1
USN-7276-1
USN-7277-1
USN-7291-1
USN-7304-1
USN-7310-1
USN-7326-1
USN-7329-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu