What is CVE-2024-49953?

CVE-2024-49953 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 6.4 onward and patched in 6.6.55, 6.10.14, 6.11.3 and others. CVE-2024-49953 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-49953?

CVE-2024-49953 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-49953?

Yes, CVE-2024-49953 has been patched. Fixed versions include 6.6.55, 6.10.14, 6.11.3 and others. If you are running Linux kernel 6.4 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-49953 actively exploited?

CVE-2024-49953 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-49953

Medium

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. When xfrm_state_check_expire() is called, the state can be reset to XFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This happens when xfrm state is deleted, but not freed yet. As __xfrm_state_delete() is called again in xfrm timer, the following crash occurs. To fix this issue, skip xfrm_state_check_expire() if km.state is not XFRM_STATE_VALID. Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core] RIP: 0010:__xfrm_state_delete+0x3d/0x1b0 Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 <48> 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48 RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246 RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036 RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980 RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246 R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400 FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> ? die_addr+0x33/0x90 ? exc_general_protection+0x1a2/0x390 ? asm_exc_general_protection+0x22/0x30 ? __xfrm_state_delete+0x3d/0x1b0 ? __xfrm_state_delete+0x2f/0x1b0 xfrm_timer_handler+0x174/0x350 ? __xfrm_state_delete+0x1b0/0x1b0 __hrtimer_run_queues+0x121/0x270 hrtimer_run_softirq+0x88/0xd0 handle_softirqs+0xcc/0x270 do_softirq+0x3c/0x50 </IRQ> <TASK> __local_bh_enable_ip+0x47/0x50 mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core] process_one_work+0x137/0x2d0 worker_thread+0x28d/0x3a0 ? rescuer_thread+0x480/0x480 kthread+0xb8/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 </TASK>

Package Linux Kernel

Published 2024-10-21

Last modified 2024-11-07

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-672

CVE-2024-49953 is classified as CWE-672

See CWE-672 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 6.4 and later are affected. Fixed in 6.6.55, 6.10.14, 6.11.3, 6.12 and their respective stable series.

Affected from

≥ 6.4

Fixed in

✓ 6.6.55 6.6.x ✓ 6.10.14 6.10.x ✓ 6.11.3 6.11.x ✓ 6.12

References

The following references provide additional information about CVE-2024-49953 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0b1672834634df9ac9cedf856db9fc36d92c50ef
Patch
Kernel patch commit
https://git.kernel.org/stable/c/151e7dead1f5399a73c19c4b50307ea48aff1dc0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/7b124695db40d5c9c5295a94ae928a8d67a01c3d
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-49953

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-10-21

Modified 2024-11-07

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-49953?

CVE-2024-49953 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 6.4 onward and has been patched in 6.6.55, 6.10.14, 6.11.3 and others. CVE-2024-49953 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-49953?

CVE-2024-49953 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-49953?

Yes — CVE-2024-49953 has been patched. Fixed versions include 6.6.55, 6.10.14, 6.11.3 and others. If you are running Linux kernel 6.4 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-49953 actively exploited?

No — CVE-2024-49953 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.