PT-2024-35558 · Linux+5 · Linux Kernel+5

Published

2024-10-11

·

Updated

2026-05-26

·

CVE-2024-53094

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65
Description A vulnerability in the Linux kernel has been resolved by adding a sendpage ok() check to disable MSG SPLICE PAGES while running ISER over SIW. The initiator machine encounters a warning from skb splice from iter() indicating that a slab page is being used in send page. To address this, the sendpage ok() check is added within the driver itself, and if it returns 0, then the MSG SPLICE PAGES flag should be disabled before entering the network stack. A similar issue has been discussed for NVMe.
Recommendations To resolve the issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider disabling the MSG SPLICE PAGES flag in the RDMA/siw driver until a patch is available. Restrict access to the vulnerable network stack to minimize the risk of exploitation. Avoid using the send page function in the affected API endpoint until the issue is resolved.

Exploit

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17891
ALT-PU-2025-12647
AZL-54598
AZL-54646
BDU:2025-15035
CVE-2024-53094
ECHO-CDFD-695B-75EB
MGASA-2024-0392
MGASA-2024-0393
OESA-2025-1097
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu