CVE-2024-57801

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-57801

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57801.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-57801

Downstream

BELL-CVE-2024-57801

DEBIAN-CVE-2024-57801

OESA-2025-1159

OESA-2025-1160

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0557-1

UBUNTU-CVE-2024-57801

USN-7379-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Related

Published

2025-01-15T13:15:11Z

Modified

2025-08-09T20:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Skip restore TC rules for vport rep without loaded flag

During driver unload, unregisternetdev is called after unloading vport rep. So, the mlx5ereppriv is already freed while trying to get rpriv->netdev, or walk rpriv->tcht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded.

References

Affected packages