CVE-2024-53138
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53138
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53138.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53138
- Downstream
- Related
- Published
- 2024-12-04T14:20:43.395Z
- Modified
- 2025-11-28T02:35:36.663301Z
- Summary
- net/mlx5e: kTLS, Fix incorrect page refcounting
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting
The kTLS tx handling code is using a mix of getpage() and pagerefinc() APIs to increment the page reference. But on the release path (mlx5ektlstxhandleresyncdumpcomp()), only putpage() is used.
This is an issue when using pages from large folios: the getpage() references are stored on the folio page while the pageref_inc() references are stored directly in the given page. On release the folio page will be dereferenced too many times.
This was found while doing kTLS testing with sendfile() + ZC when the served file was read from NFS on a kernel with NFS large folios support (commit 49b29a573da8 ("nfs: add support for large folios")).
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53138.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2723e8b2cbd486cb96e5a61b22473f7fd62e18df
- https://git.kernel.org/stable/c/69fbd07f17b0fdaf8970bc705f5bf115c297839d
- https://git.kernel.org/stable/c/93a14620b97c911489a5b008782f3d9b0c4aeff4
- https://git.kernel.org/stable/c/a0ddb20a748b122ea86003485f7992fa5e84cc95
- https://git.kernel.org/stable/c/c7b97f9e794d8e2bbaa50e1d6c230196fd214b5e
- https://git.kernel.org/stable/c/dd6e972cc5890d91d6749bb48e3912721c4e4b25
- https://git.kernel.org/stable/c/ffad2ac8c859c1c1a981fe9c4f7ff925db684a43
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53138.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-53138
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced84d1bb2b139e0184b1754aa1b5776186b475fce8Fixeda0ddb20a748b122ea86003485f7992fa5e84cc95Fixedffad2ac8c859c1c1a981fe9c4f7ff925db684a43Fixedc7b97f9e794d8e2bbaa50e1d6c230196fd214b5eFixed69fbd07f17b0fdaf8970bc705f5bf115c297839dFixed93a14620b97c911489a5b008782f3d9b0c4aeff4Fixed2723e8b2cbd486cb96e5a61b22473f7fd62e18dfFixeddd6e972cc5890d91d6749bb48e3912721c4e4b25
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.4.0Fixed5.4.287
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.231
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.174
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.119
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.63
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.10