CVE-2024-53211

MEDIUM EPSS 8.0%
Published Dec 27, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory allocation failures in idr_alloc_32, syzbot is able to provoke a condition where idr_is_empty returns false despite there being no items in the IDR. This turns out to be because the radix tree of the IDR contains only internal radix-tree nodes and it is this that causes idr_is_empty to return false. The internal nodes are cleaned by idr_destroy. Use idr_for_each to check that the IDR is empty instead of idr_is_empty to avoid the problem.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 1

VendorProductVersionRange
linuxlinux_kernel*≥6.12  –  <6.12.2

References 2

  • git.kernel.org https://git.kernel.org/stable/c/5d066766c5f1252f98ff859265bcd1a5b52ac46c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a487cc8986d6dd75b60b59004f3bd2ea9b4dd541
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5d066766c5f1252f98ff859265bcd1a5b52ac46c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a487cc8986d6dd75b60b59004f3bd2ea9b4dd541
    Patch