CVE-2024-50000

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() In mlx5e_tir_builder_alloc() kvzalloc() may return NULL which is dereferenced on the next line in a reference to the modify field. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff patch
https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b patch
https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca patch
https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932 patch
https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2 patch
https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536 patch

Frequently Asked Questions

What is the severity of CVE-2024-50000?
CVE-2024-50000 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50000?
To fix CVE-2024-50000, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50000 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50000 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50000?
CVE-2024-50000 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.