{"vulnerability": "CVE-2024-53064", "sightings": [{"uuid": "62503881-30fe-4c1e-8f49-ae885bb0b968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53064", "type": "seen", "source": "https://t.me/cvedetector/11492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53064 - Linux idpf: Null Pointer Dereference Vulnerability in Device Control Plane\", \n  \"Content\": \"CVE ID : CVE-2024-53064 \nPublished : Nov. 19, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nidpf: fix idpf_vc_core_init error path  \n  \nIn an event where the platform running the device control plane  \nis rebooted, reset is detected on the driver. It releases  \nall the resources and waits for the reset to complete. Once the  \nreset is done, it tries to build the resources back. At this  \ntime if the device control plane is not yet started, then  \nthe driver timeouts on the virtchnl message and retries to  \nestablish the mailbox again.  \n  \nIn the retry flow, mailbox is deinitialized but the mailbox  \nworkqueue is still alive and polling for the mailbox message.  \nThis results in accessing the released control queue leading to  \nnull-ptr-deref. Fix it by unrolling the work queue cancellation  \nand mailbox deinitialization in the reverse order which they got  \ninitialized. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T20:09:54.000000Z"}]}