Linux Kernel Vulnerability in MLX5 Driver Affecting Device Management
CVE-2024-57801

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 15 January 2025

Summary

The MLX5 driver in the Linux kernel can hit a use-after-free condition. It occurs when the driver unloads without ensuring that certain virtual port representations are properly managed, so that freed memory is accessed. Specifically, the issue arises when the network device is unregistered while the virtual port representation has already been unloaded, which can potentially lead to instability or exploitation in a networked environment. Proper checks must be implemented to ensure data integrity during device management operations.

Affected Version(s)

Linux d1569537a837d66620aa7ffc2bddf918e902f227 < 3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0

Linux d1569537a837d66620aa7ffc2bddf918e902f227 < 47c78d3fc26e38ab805613a0f592dc8a820c7c64

Linux d1569537a837d66620aa7ffc2bddf918e902f227 < 5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
