CVE Daily

CVE-2024-53110

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fi...

Medium CVSS 5.5

Overview

In the Linux kernel, the following vulnerability has been resolved:

vp_vdpa: fix id_table array not null terminated error

Allocate one extra virtio_device_id as null terminator, otherwise
vdpa_mgmtdev_get_classes() may iterate multiple times and visit
undefined memory.

CWE: N/A Published: 2024-12-02T14:15:11.803
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.5 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags