
CVE-2024-57857: RDMA/siw: Remove direct link to net_device

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Remove direct link to net_device

Do not manage a per device direct link to net_device. Rely
on associated ib_devices net_device management, not doubling
the effort locally. A badly managed local link to net_device
was causing a 'KASAN: slab-use-after-free' exception during
siw_query_port() call.

Classification

CVE ID: CVE-2024-57857

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.5% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-13 (date this score was calculated)

References

https://git.kernel.org/stable/c/4eafeb4f021c50d13f199239d913b37de3c83135
https://git.kernel.org/stable/c/16b87037b48889d21854c8e97aec8a1baf2642b3

Timeline