CVE-2024-43864

{"id": "CVE-2024-43864", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-21T00:15:04.910", "references": [{"url": "https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige las fugas de actualizaci\u00f3n de la entrada CT del contexto del encabezado de modificaci\u00f3n. El commit citada asigna un nuevo encabezado de modificaci\u00f3n para reemplazar el anterior al actualizar la entrada CT. Pero si no se pudo asignar uno nuevo, por ejemplo. Si excede el n\u00famero m\u00e1ximo que el firmware puede admitir, modificar el encabezado ser\u00e1 un indicador de error que provocar\u00e1 p\u00e1nico al desasignarlo. Y el punto de encabezado de modificaci\u00f3n anterior se copia al atributo anterior. Cuando se libera el antiguo atributo, el antiguo encabezado de modificaci\u00f3n se pierde. Solucionelo restaurando el antiguo atributo a attr cuando no se pudo asignar un nuevo contexto de encabezado de modificaci\u00f3n. Entonces, cuando se libera la entrada CT, se liberar\u00e1 el contexto del encabezado de modificaci\u00f3n derecho. Y el p\u00e1nico al acceder al puntero de error tambi\u00e9n se soluciona."}], "lastModified": "2025-09-29T16:27:10.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C940D02A-7FF6-4D48-A826-1A84129030AF", "versionEndExcluding": "6.6.45", "versionStartIncluding": "6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C", "versionEndExcluding": "6.10.4", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}