CVE-2024-53064
idpf: fix idpf_vc_core_init error path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix idpf_vc_core_init error path
In an event where the platform running the device control plane
is rebooted, reset is detected on the driver. It releases
all the resources and waits for the reset to complete. Once the
reset is done, it tries to build the resources back. At this
time if the device control plane is not yet started, then
the driver timeouts on the virtchnl message and retries to
establish the mailbox again.
In the retry flow, mailbox is deinitialized but the mailbox
workqueue is still alive and polling for the mailbox message.
This results in accessing the released control queue leading to
null-ptr-deref. Fix it by unrolling the work queue cancellation
and mailbox deinitialization in the reverse order which they got
initialized.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-11-19 CVE Reserved
- 2024-11-19 CVE Published
- 2024-11-19 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/4930fbf419a72d7477426fd883bfc37e20a61a6e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/stable/c/683fcd90ba22507ebeb1921a26dfe77efff8c266 | 2024-11-14 | |
| https://git.kernel.org/stable/c/9b58031ff96b84a38d7b73b23c7ecfb2e0557f43 | 2024-11-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.11.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.12" | en |
Affected
| ||||||