vulnerability
Debian: CVE-2024-53181: linux, linux-6.1 -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 12/27/2024 | 01/13/2025 | 03/05/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
um: vector: Do not use drvdata in release
The drvdata is not available in release. Let's just use container_of()
to get the vector_device instance. Otherwise, removing a vector device
will result in a crash:
RIP: 0033:vector_device_release+0xf/0x50
RSP: 00000000e187bc40 EFLAGS: 00010202
RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0
RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000
RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70
R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028
R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6
Kernel panic - not syncing: Segfault with no mm
CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1
Workqueue: events mc_work_proc
Stack:
60028f61 623ae028 e187bc80 60276fcd
6220b9c0 603f5820 623ae028 00000000
e187bcb0 603a2bcd 623ae000 62370010
Call Trace:
[] ? vector_device_release+0x0/0x50
[] device_release+0x70/0xba
[] kobject_put+0xba/0xe7
[ [ [] platform_device_unregister+0x2c/0x2e
[ [ [] mconsole_remove+0x160/0x1cc
[] ? strlen+0x0/0x15
[ [] ? set_next_entity+0x39/0x63
[] ? set_next_entity+0x0/0x63
[] ? um_set_signals+0x0/0x43
[] mc_work_proc+0x77/0x91
[ [] ? assign_work+0x0/0x58
[] worker_thread+0x1e9/0x293
[] ? set_pf_worker+0x0/0x64
[] ? arch_local_irq_save+0x0/0x2d
[] ? kthread_exit+0x0/0x3a
[] ? worker_thread+0x0/0x293
[] kthread+0x126/0x12b
[] new_thread_handler+0x85/0xb6
Solution(s)
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.