vulnerability
Debian: CVE-2024-53183: linux, linux-6.1 -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2024-12-27 | 2025-01-13 | 2025-03-05 |
Description
In the Linux kernel, the following vulnerability has been resolved:
um: net: Do not use drvdata in release
The drvdata is not available in release. Let's just use container_of()
to get the uml_net instance. Otherwise, removing a network device will
result in a crash:
RIP: 0033:net_device_release+0x10/0x6f
RSP: 00000000e20c7c40 EFLAGS: 00010206
RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0
RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028
RBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70
R10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000
R13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6
Kernel panic - not syncing: Segfault with no mm
CPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1
Workqueue: events mc_work_proc
Stack:
627af028 62c7af00 e20c7c80 60276fcd
62778000 603f5820 627af028 00000000
e20c7cb0 603a2bcd 627af000 62770010
Call Trace:
[] device_release+0x70/0xba
[] kobject_put+0xba/0xe7
[ [ [] platform_device_unregister+0x2c/0x2e
[] net_remove+0x63/0x69
[ [] mconsole_remove+0x160/0x1cc
[] ? __remove_hrtimer+0x38/0x74
[] ? hrtimer_try_to_cancel+0x8c/0x98
[] ? dl_server_stop+0x3f/0x48
[] ? dl_server_stop+0x0/0x48
[] ? dequeue_entities+0x327/0x390
[] ? um_set_signals+0x0/0x43
[] mc_work_proc+0x77/0x91
[ [] ? assign_work+0x0/0x58
[] worker_thread+0x1e9/0x293
[] ? set_pf_worker+0x0/0x64
[] ? arch_local_irq_save+0x0/0x2d
[] ? kthread_exit+0x0/0x3a
[] ? worker_thread+0x0/0x293
[] kthread+0x126/0x12b
[] new_thread_handler+0x85/0xb6
Solution(s)
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.