PT-2025-3580 · Linux+4 · Linux Kernel+4

Published: 2024-12-23 · Updated: 2025-10-03 · CVE-2024-57801

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue arises during driver unload: unregister_netdev is called after the vport rep has been unloaded, so mlx5e_rep_priv is already freed when the code tries to access its data, which results in a use-after-free. The fix adds a check so that the data of a vport rep is accessed only while that vport rep is still loaded.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the net/mlx5e driver until a patch is available. Restrict access to the vport rep data to minimize the risk of exploitation. Avoid using the rpriv->netdev and rpriv->tc_ht variables in the affected code until the issue is resolved.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
ALT-PU-2025-1925
ALT-PU-2025-3483
ALT-PU-2025-3507
AZL-55832
BDU:2025-02841
CVE-2024-57801
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1159
OESA-2025-1160
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu