{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53120","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.994Z","datePublished":"2024-12-02T13:44:51.098Z","dateUpdated":"2025-11-03T22:29:26.030Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:53:31.381Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule->attr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n…\n Call Trace:\n  <TASK>\n  ? __die+0x20/0x70\n  ? page_fault_oops+0x150/0x3e0\n  ? exc_page_fault+0x74/0x140\n  ? asm_exc_page_fault+0x22/0x30\n  ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n  ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n  mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n  ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n  ? finish_task_switch.isra.0+0x15b/0x2b0\n  process_one_work+0x16c/0x320\n  worker_thread+0x28c/0x3a0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0xb8/0xf0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x2d/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"],"versions":[{"version":"7fac5c2eced36f335ee19ff316bd3182fbeda823","lessThan":"882f392d9e3649557e71efd78ae20c86039ffb7c","status":"affected","versionType":"git"},{"version":"7fac5c2eced36f335ee19ff316bd3182fbeda823","lessThan":"0c7c70ff8b696cfedba350411dca736361ef9a0f","status":"affected","versionType":"git"},{"version":"7fac5c2eced36f335ee19ff316bd3182fbeda823","lessThan":"06dc488a593020bd2f006798557d2a32104d8359","status":"affected","versionType":"git"},{"version":"7fac5c2eced36f335ee19ff316bd3182fbeda823","lessThan":"6030f8bd7902e9e276a0edc09bf11979e4e2bc2e","status":"affected","versionType":"git"},{"version":"7fac5c2eced36f335ee19ff316bd3182fbeda823","lessThan":"e99c6873229fe0482e7ceb7d5600e32d623ed9d9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"5.15.174","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.119","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.63","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.10","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.174"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.1.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.6.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.11.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/882f392d9e3649557e71efd78ae20c86039ffb7c"},{"url":"https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f"},{"url":"https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359"},{"url":"https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e"},{"url":"https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9"}],"title":"net/mlx5e: CT: Fix null-ptr-deref in add rule err flow","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:29:26.030Z"}}]}}