CVE-2024-42073

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 29, 2024

Updated: Jul 30, 2024

CWE ID 416

Summary

CVE-2024-42073: A vulnerability in the Linux kernel affecting Spectrum-4 systems has been addressed. The issue lies in the mlxsw driver, which incorrectly specifies absolute port numbers instead of relative ones when filling the Shared Buffer Status Register (SBSR). This results in memory corruptions and potential crashes. The vulnerability was discovered during a KASAN memory error, and tasks devlink and 1 were identified as being involved in the allocation and freeing of the affected memory.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xUVkE2
https://www.cve.org/CVERecord?id=CVE-2024-42073
https://nvd.nist.gov/vuln/detail/CVE-2024-42073

Back to Vulnerability Database

CVE-2024-42073

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations