CVE-2024-53120

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53120

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

References
Link Resource
https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359 Patch
https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f Patch
https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e Patch
https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c
https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*
History

03 Nov 2025, 23:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

14 Dec 2024, 21:15

Type Values Removed Values Added
CWE CWE-476
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*
References
  • () https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c -
References () https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359 - () https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359 - Patch
References () https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f - () https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f - Patch
References () https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e - () https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e - Patch
References () https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 - () https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 - Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

02 Dec 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-02 14:15

Updated : 2025-11-03 23:17

NVD link : CVE-2024-53120

Mitre link : CVE-2024-53120

CVE.ORG link : CVE-2024-53120

JSON object : View

Products Affected

linux

CWE
CWE-476

NULL Pointer Dereference