CVE-2024-53224: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Move events notifier registration to be after device registration
Move pkey change work initialization and cleanup from device resources stage to notifier stage, since this is the stage which handles this work events.
Fix a race between the device deregistration and pkey change work by moving MLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to ensure that the notifier is deregistered before the device during cleanup. Which ensures there are no works that are being executed after the device has already unregistered which can cause the panic below.
    BUG: kernel NULL pointer dereference, address: 0000000000000000
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP PTI
    CPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1
    Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023
    Workqueue: events pkey_change_handler [mlx5_ib]
    RIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib]
    Code: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40
    RSP: 0018:ffffbcc54068be20 EFLAGS: 00010282
    RAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36
    RDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128
    RBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001
    R10: ffff954001be2c20 R11: ffff9540260133c0 R12: 0000000000000000
    R13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905
    FS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
    mlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib]
    process_one_work+0x1e8/0x3c0
    worker_thread+0x50/0x3b0
    ? rescuer_thread+0x380/0x380
    kthread+0x149/0x170
    ? set_kthread_struct+0x50/0x50
    ret_from_fork+0x22/0x30
    Modules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core]
    CR2: 0000000000000000
    ---[ end trace f6f8be4eae12f7bc ]---
AI Analysis
Technical Summary
CVE-2024-53224 is a vulnerability identified in the Linux kernel, specifically within the RDMA (Remote Direct Memory Access) subsystem related to Mellanox mlx5 InfiniBand drivers (mlx5_ib). The issue arises from a race condition during the deregistration and cleanup phases of device resources, particularly involving the handling of pkey (partition key) change work and event notifier registration. The vulnerability is caused by improper ordering of notifier deregistration relative to device deregistration, which can lead to workqueue handlers executing after the device has been unregistered. This results in a NULL pointer dereference in kernel space, causing a kernel panic and system crash. The detailed kernel oops trace indicates that the panic occurs in the setup_qp function within the mlx5_ib module, triggered by the pkey_change_handler workqueue. The root cause is that the notifier for pkey change events is deregistered too late, allowing the workqueue to access freed or invalid memory. This bug affects Linux kernel versions including 5.14.0-162.6.1.el9_1.x86_64 and likely other versions using the affected mlx5_ib driver. While the vulnerability does not appear to be exploited in the wild yet, it can cause denial of service (DoS) conditions by crashing the kernel. The vulnerability requires no user interaction but does require the presence of the mlx5 InfiniBand hardware or virtualized equivalent and the RDMA stack to be active. Since this is a kernel-level bug, exploitation could impact all processes and services running on the affected system, leading to potential service outages and instability. No CVSS score has been assigned yet, but the technical details and kernel trace provide a clear understanding of the issue and its impact.
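The ordering problem described above can be reproduced in a small user-space model. This is an added example, not code from the kernel or the mlx5_ib driver: the struct, the shortened stage names and the event-delivery function are hypothetical, and it assumes teardown walks the stage list in reverse of init, which is what makes the position of the notifier stage matter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the two stages named in the fix (hypothetical names). */
enum stage_id { STAGE_IB_REG, STAGE_DEVICE_NOTIFIER };

struct model_dev {
    bool ib_registered;        /* set by the IB_REG stage */
    bool notifier_registered;  /* set by the DEVICE_NOTIFIER stage */
    int  unsafe_runs;          /* handler runs against an unregistered device */
};

/* A pkey-change event only reaches the handler while the notifier is
 * registered. If the device is already gone, the real handler would
 * dereference a stale pointer (the NULL deref in setup_qp in the oops). */
static void deliver_pkey_event(struct model_dev *d)
{
    if (d->notifier_registered && !d->ib_registered)
        d->unsafe_runs++;
}

static void stage_set(struct model_dev *d, enum stage_id s, bool up)
{
    if (s == STAGE_IB_REG)
        d->ib_registered = up;
    else
        d->notifier_registered = up;
}

/* Init in list order, teardown in reverse; an event arrives after each
 * teardown step. Returns the number of unsafe handler runs. */
int simulate(const enum stage_id *order, size_t n)
{
    struct model_dev d = { false, false, 0 };
    for (size_t i = 0; i < n; i++)
        stage_set(&d, order[i], true);
    for (size_t i = n; i-- > 0; ) {
        stage_set(&d, order[i], false);
        deliver_pkey_event(&d);
    }
    return d.unsafe_runs;
}

static const enum stage_id before_fix[] = { STAGE_DEVICE_NOTIFIER, STAGE_IB_REG };
static const enum stage_id after_fix[]  = { STAGE_IB_REG, STAGE_DEVICE_NOTIFIER };

int unsafe_before_fix(void) { return simulate(before_fix, 2); }
int unsafe_after_fix(void)  { return simulate(after_fix, 2); }

int main(void)
{
    printf("before fix: %d unsafe run(s)\n", unsafe_before_fix());
    printf("after fix:  %d unsafe run(s)\n", unsafe_after_fix());
    return 0;
}
```

With the notifier stage listed first, reverse teardown unregisters the device while the notifier is still live, so a late event reaches the handler; with the notifier stage listed after device registration, it is torn down first and the window closes.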
Potential Impact
For European organizations, the impact of CVE-2024-53224 can be significant, especially for enterprises relying on high-performance computing (HPC), data centers, cloud providers, and industries using RDMA-enabled networking hardware such as Mellanox adapters. The vulnerability can cause unexpected kernel panics and system crashes, leading to denial of service on critical servers. This can disrupt business operations, cause data processing delays, and impact service availability. Organizations using Linux-based virtual machines or physical servers with InfiniBand or RDMA-enabled network interfaces are at risk. The vulnerability could affect cloud service providers and telecom operators in Europe who deploy RDMA for low-latency networking. Although the vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability and downtime can have cascading effects on business continuity and SLAs. Additionally, the presence of this vulnerability in virtualized environments (e.g., Microsoft Hyper-V as indicated by the hardware trace) suggests that cloud tenants and hosted services could be indirectly affected. Given the increasing adoption of RDMA in European HPC centers and data-intensive industries, the risk of operational disruption is non-trivial.
Mitigation Recommendations
To mitigate CVE-2024-53224, European organizations should:
1) Apply the latest Linux kernel patches that address the notifier deregistration race condition in the mlx5_ib driver as soon as they become available from their Linux distribution vendors.
2) Monitor kernel updates and subscribe to security advisories from Linux distributions such as Red Hat, SUSE, Ubuntu, and Debian to ensure timely patch deployment.
3) For environments where immediate patching is not feasible, consider temporarily disabling RDMA or InfiniBand interfaces if they are not critical to operations, to reduce exposure.
4) Implement robust kernel crash monitoring and automated reboot mechanisms to minimize downtime in case of kernel panics.
5) Conduct thorough testing of kernel updates in staging environments to validate stability before production rollout.
6) Engage with hardware vendors to confirm compatibility and support for patched drivers.
7) For virtualized environments, ensure hypervisor and guest kernel versions are updated in coordination to prevent cascading failures.
8) Maintain comprehensive backups and disaster recovery plans to mitigate the impact of unexpected outages caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-11-19T17:17:25.024Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdefe8
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 10:56:20 AM
Last updated: 8/14/2025, 4:30:52 PM