Release Date: | 2024-06-21 |
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules

rx_create no longer allocates a modify_hdr instance that needs to be
cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer
dereference. A leak in the rules also previously occurred since there are
now two rules populated related to status.

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 109907067 P4D 109907067 PUD 116890067 PMD 0
Oops: 0000 [#1] SMP
CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014
RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70
See more information about CVE-2024-36281 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local | Attack Complexity: | Low |
Privileges Required: | High | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12682 | 2024-09-23 |
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12682 | 2024-09-23 |
This page is generated automatically and has not been checked for errors or omissions.