CVE-2024-53138

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2024
Last modified:
14/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: kTLS, Fix incorrect page refcounting<br /> <br /> The kTLS tx handling code is using a mix of get_page() and<br /> page_ref_inc() APIs to increment the page reference. But on the release<br /> path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.<br /> <br /> This is an issue when using pages from large folios: the get_page()<br /> references are stored on the folio page while the page_ref_inc()<br /> references are stored directly in the given page. On release the folio<br /> page will be dereferenced too many times.<br /> <br /> This was found while doing kTLS testing with sendfile() + ZC when the<br /> served file was read from NFS on a kernel with NFS large folios support<br /> (commit 49b29a573da8 ("nfs: add support for large folios")).

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4 (including) 6.1.119 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.63 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*