CVE-2024-53121: Vulnerability in the Linux kernel (net/mlx5 flow steering)
Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: fs, lock FTE when checking if active

The referenced commits introduced a two-step process for deleting FTEs:
- Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE.
- Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray.

However, this approach encounters a race condition if a rule with the same match value is added simultaneously. In this scenario, fs_core may set the hardware deletion function to NULL prematurely, causing a panic during subsequent rule deletions.

To prevent this, ensure the active flag of the FTE is checked under a lock, which will prevent the fs_core layer from attaching a new steering rule to an FTE that is in the process of deletion.

[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func
[ 438.968205] ------------[ cut here ]------------
[ 438.968654] refcount_t: decrement hit 0; leaking memory.
[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110
[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]
[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8
[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110
[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90
[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286
[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000
[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0
[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0
[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0
[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0
[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000
[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0
[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 438.986507] Call Trace:
[ 438.986799] <TASK>
[ 438.987070] ? __warn+0x7d/0x110
[ 438.987426] ? refcount_warn_saturate+0xfb/0x110
[ 438.987877] ? report_bug+0x17d/0x190
[ 438.988261] ? prb_read_valid+0x17/0x20
[ 438.988659] ? handle_bug+0x53/0x90
[ 438.989054] ? exc_invalid_op+0x14/0x70
[ 438.989458] ? asm_exc_invalid_op+0x16/0x20
[ 438.989883] ? refcount_warn_saturate+0xfb/0x110
[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]
[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]
[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]
[ 438.992054] ? xas_load+0x9/0xb0
[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]
[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]
[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]
[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]
[ 438.994728] tc_setup_cb_destroy+0xb9/0x190
[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]
[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]
[ 438.996105] tc_new_tfilter+0x347/0xbc0
[ 438.996503] ? __ ---truncated---
AI Analysis
Technical Summary
CVE-2024-53121 is a race condition in fs_core, the flow-steering core of the Linux kernel's mlx5 driver for Mellanox (now NVIDIA) ConnectX adapters. A flow table entry (FTE) is the software object behind a hardware steering entry; rules with an identical match value share one FTE and are tracked by a reference count. The referenced commits split FTE deletion into two steps: first the FTE is locked, its hardware entry is deleted, its hardware deletion function pointer is set to NULL and the FTE is unlocked; then the parent flow group is locked, the software copy is deleted and the FTE is removed from the group's xarray. Between those steps the FTE can still be found by match value, and fs_core decided whether an existing FTE was still active without holding the FTE lock. A concurrent insertion of a rule with the same match value could therefore observe the FTE as active before step one ran, and then attach to it after step one had already cleared the hardware deletion function. When that rule is later removed, fs_core drops a reference on an entry whose hardware side and deletion hook are already gone; the log in the description shows the resulting "refcount_t: decrement hit 0" warning in mlx5_del_flow_rules, reached from a tc flower filter add/replace (tc_new_tfilter -> fl_change -> fl_hw_destroy_filter -> mlx5e_delete_flower) on a 6.12.0-rc1 test kernel, and the commit text states that the condition causes a panic on subsequent rule deletions. The consequence is a kernel crash and therefore denial of service; the commit describes no memory-corruption or privilege-escalation primitive. The fix checks the FTE's active flag under the FTE lock, so fs_core can no longer attach a new steering rule to an FTE that is mid-deletion. Affected kernels are those that include the referenced two-step deletion commits without this fix; the page does not reproduce the commit hashes or fixed versions, so take the exact ranges from the kernel.org CVE entry or your distribution's advisory. Exposure is concentrated in data-centre and HPC hosts that use mlx5 hardware flow steering, typically through tc flower or Open vSwitch offload in switchdev mode.
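The race described above, as an added example that is not part of this advisory or of the kernel source: a small pthreads model in which one thread attaches a rule to an existing FTE while another deletes the last rule on it. The struct and function names (fte, active, refs, del_hw_func, add_rule_unlocked_check, add_rule_locked_check) are assumptions that follow the commit text, not the mlx5 fs_core API. The buggy variant reads the active flag outside the FTE lock; the fixed variant reads it under the lock and attaches in the same critical section. Both run against the same interleaving.

```c
/* Added example, not kernel or advisory code: a pthreads model of the FTE
 * deletion race fixed by CVE-2024-53121; all names here are assumptions. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

struct fte {
	pthread_mutex_t lock;
	int active;       /* cleared once the hardware copy is gone */
	int refs;         /* steering rules attached to this FTE */
	int hw_deletions; /* how many times hardware deletion ran */
	void (*del_hw_func)(struct fte *); /* NULL after step 1 of deletion */
};

static void hw_delete(struct fte *fte) { fte->hw_deletions++; }

static void fte_init(struct fte *fte)
{
	*fte = (struct fte){ .active = 1, .refs = 1, .del_hw_func = hw_delete };
	pthread_mutex_init(&fte->lock, NULL);
}

/* Step 1 of deletion, under the FTE lock: drop one rule and, if it was the
 * last, delete from hardware, clear del_hw_func and mark the FTE inactive. */
static int del_rule(struct fte *fte)
{
	int err = 0;

	pthread_mutex_lock(&fte->lock);
	if (--fte->refs == 0) {
		if (fte->del_hw_func)
			fte->del_hw_func(fte);
		else
			err = -EINVAL; /* stand-in for the refcount warning / panic */
		fte->del_hw_func = NULL;
		fte->active = 0;
	}
	pthread_mutex_unlock(&fte->lock);
	return err;
}

static void *deleter_thread(void *arg) { del_rule(arg); return NULL; }

/* Buggy: the active check is done without the lock, so a deletion can
 * complete step 1 between the check and the attach. */
static int add_rule_unlocked_check(struct fte *fte)
{
	pthread_t deleter;

	if (!fte->active)
		return -ENOENT; /* caller would allocate a fresh FTE instead */
	pthread_create(&deleter, NULL, deleter_thread, fte); /* race window */
	pthread_join(deleter, NULL);
	pthread_mutex_lock(&fte->lock);
	fte->refs++; /* attached to an FTE whose hardware copy is gone */
	pthread_mutex_unlock(&fte->lock);
	return 0;
}

/* Fixed: check and attach in one critical section. A deleter started now
 * blocks on the lock, then sees refs > 1 and leaves hardware alone. */
static int add_rule_locked_check(struct fte *fte)
{
	pthread_t deleter;

	pthread_mutex_lock(&fte->lock);
	if (!fte->active) {
		pthread_mutex_unlock(&fte->lock);
		return -ENOENT;
	}
	pthread_create(&deleter, NULL, deleter_thread, fte);
	fte->refs++;
	pthread_mutex_unlock(&fte->lock);
	pthread_join(deleter, NULL);
	return 0;
}

/* One interleaving: the adder attaches while a deleter drops the original
 * rule, then the adder deletes its own rule. Returns that final deletion's
 * error (0 when state stayed consistent) and the hardware deletion count. */
static int run_scenario(int (*add_rule)(struct fte *), int *hw_deletions)
{
	struct fte fte;
	int err;

	fte_init(&fte);
	err = add_rule(&fte);
	if (!err)
		err = del_rule(&fte);
	*hw_deletions = fte.hw_deletions;
	pthread_mutex_destroy(&fte.lock);
	return err;
}

int main(void)
{
	int hw, err = run_scenario(add_rule_unlocked_check, &hw);
	printf("unlocked check: final del_rule %d, hw deletions %d\n", err, hw);
	err = run_scenario(add_rule_locked_check, &hw);
	printf("locked check:   final del_rule %d, hw deletions %d\n", err, hw);
	return 0;
}
```

Build with cc -pthread and run. With the unlocked check the final deletion fails because del_hw_func is already NULL, which is where the real driver warns in mlx5_del_flow_rules; with the locked check the run completes with exactly one hardware deletion. Step two of the real deletion (removing the software copy from the flow group) is left out because the race is entirely within step one.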
Potential Impact
For European organizations, the impact of CVE-2024-53121 is primarily availability: enterprises, cloud providers, telecommunications operators, financial institutions and research facilities that run Linux hosts with Mellanox/NVIDIA ConnectX adapters driven by mlx5 can suffer kernel crashes that take down the host and every workload on it. The trigger is concurrent addition and deletion of hardware-offloaded steering rules with the same match value, the pattern produced by tc flower offload (the crashing process in the trace is tc), by Open vSwitch hardware offload, or by any automation that churns offloaded flows on a switchdev eswitch. Adding and removing rules directly requires CAP_NET_ADMIN over the interface or control of such a control plane, so an unprivileged local user cannot reach this path on its own; offload control planes that create and expire flows in response to traffic (connection-tracking offload, for example) may however turn bursty traffic into the rule churn that makes the race likely. No exploits are reported in the wild, and the commit describes a crash rather than a memory-corruption or privilege-escalation primitive, so the realistic risks are unintended outages under heavy rule churn and deliberate denial of service by a tenant or operator who already holds network-administration rights on the host. In clustered or virtualized environments a host panic also removes the guests and the offloaded datapath they depend on, so the effect can cascade to services in government, healthcare and manufacturing that rely on that infrastructure.
Mitigation Recommendations
To mitigate CVE-2024-53121, European organizations should:
1) Upgrade to a kernel that carries the fix (commit "net/mlx5: fs, lock FTE when checking if active"). The CVE is published as resolved, so the action is to pick up the version your distribution backported it to rather than to wait for a patch; for self-built kernels, cherry-pick the commit onto every branch that contains the two-step deletion change.
2) Where patching must wait, reduce exposure to the trigger path seen in the trace: disable hardware TC offload on the affected mlx5 interfaces (ethtool -K <dev> hw-tc-offload off), which keeps flower classification in software and stops tc-driven FTE churn, at the cost of offload performance. The race lives in the fs_core steering layer and is reachable by any flow-steering consumer, so this narrows the window rather than closing it.
3) Limit who can drive rule churn: CAP_NET_ADMIN over the mlx5 uplinks and representors, and the OVS or CNI control planes that program offload, are the paths that reach this code. Review which tenants or automation can add and remove offloaded flows and rate-limit where possible.
4) Detect rather than discover: alert on kernel messages that contain refcount_warn_saturate together with mlx5_del_flow_rules (the signature in the trace), and configure kdump so that a panic leaves a vmcore for root-cause analysis instead of only a reboot.
5) Track advisories from both your Linux distribution and NVIDIA: the MLNX_OFED/DOCA driver packages ship their own out-of-tree mlx5_core, so hosts running them need the vendor's fixed driver, not only the distribution kernel update.
6) In virtualized environments, remember that the race runs in whichever kernel owns the eswitch, normally the host, so a crash takes every guest on that host with it; place offload-heavy tenants with that blast radius in mind rather than expecting guest isolation to contain it.
7) Regression-test the update in staging with realistic rule add/delete churn: the fix changes locking on a hot path in the steering core, and the concurrent insert/delete workload that exposes the bug is also the one most likely to expose any problem in a backport.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-11-19T17:17:24.994Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9824c4522896dcbdfa76
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 3:11:32 PM
Last updated: 8/10/2025, 11:28:46 PM