Description

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory allocation failures in idr_alloc_32, syzbot is able to provoke a condition where idr_is_empty returns false despite there being no items in the IDR. This turns out to be because the radix tree of the IDR contains only internal radix-tree nodes and it is this that causes idr_is_empty to return false. The internal nodes are cleaned by idr_destroy. Use idr_for_each to check that the IDR is empty instead of idr_is_empty to avoid the problem.

INFO

Published Date :

2024-12-27T13:49:57.169Z

Last Modified :

2025-05-04T09:56:00.933Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53211 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53211.

URL Resource
https://git.kernel.org/stable/c/5d066766c5f1252f98ff859265bcd1a5b52ac46c cve-icon cve-icon
https://git.kernel.org/stable/c/a487cc8986d6dd75b60b59004f3bd2ea9b4dd541 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024122730-CVE-2024-53211-9837@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53211 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53211 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact