CVE-2024-53103
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 285266ef92f7b4bf7d26e1e95e215ce6a6badb4a | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 414476c4fb11be070c09ab8f3e75c9ee324a108a | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 7cf25987820350cb950856c71b409e5b6eed52bd | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 98d8dde9232250a57ad5ef16479bf6a349e09b80 | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497 | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < e0fe3392371293175f25028020ded5267f4cd8e3 | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < 8621725afb38e111969c64280b71480afde2aace | affected |
| Linux | Linux | ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 < e629295bd60abf4da1db85b82819ca6a4f6c1e79 | affected |
| Linux | Linux | 4.14 | affected |
| Linux | Linux | 0 < 4.14 | unaffected |
| Linux | Linux | 4.19.324 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.286 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.230 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.172 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.117 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.61 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.8 <= 6.11.* | unaffected |
| Linux | Linux | 6.12.1 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
References
- https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a
- https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d
- https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a
- https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd
- https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80
- https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497
- https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3
- https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace
- https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.