CVE-2024-57801

Severity: High

Published: 15 January 2025
Modified: 11 February 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57801 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-57801 is a use-after-free vulnerability (CWE-416) in the Linux kernel's net/mlx5e driver, which handles Mellanox/NVIDIA ConnectX Ethernet functionality. The issue arises during driver unload when unregister_netdev is called after unloading the vport representor (rep). This leads to attempts to access the already-freed mlx5e_rep_priv structure, such as retrieving rpriv->netdev or walking rpriv->tc_ht, while restoring Traffic Control (TC) rules for a vport rep lacking a loaded flag. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation occurs during the driver unload process, potentially allowing arbitrary code execution, data corruption, or system crashes due to the use-after-free, with high impacts on confidentiality, integrity, and availability in the unchanged security scope.

Mitigation involves applying kernel patches from stable repositories, which add checks to skip TC rule restoration for vport reps without the loaded flag, ensuring data access only occurs when the rep is still loaded. Relevant commits include https://git.kernel.org/stable/c/3e45dd1622a2c1a83c11bf42fdd8c1810123d6c0, https://git.kernel.org/stable/c/47c78d3fc26e38ab805613a0f592dc8a820c7c64, and https://git.kernel.org/stable/c/5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Skip restore TC rules for vport rep without loaded flag

During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free enabling arbitrary code execution for privilege escalation from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2026-43019 · Same product: Linux Linux Kernel
CVE-2026-23158 · Same product: Linux Linux Kernel
CVE-2025-21893 · Same product: Linux Linux Kernel
CVE-2026-31446 · Same product: Linux Linux Kernel
CVE-2026-31650 · Same product: Linux Linux Kernel
CVE-2026-23001 · Same product: Linux Linux Kernel
CVE-2024-50051 · Same product: Linux Linux Kernel
CVE-2025-21759 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.13 · 6.6 — 6.6.70 · 6.7 — 6.12.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely remediation of identified flaws, such as applying kernel patches that fix the use-after-free in the mlx5e driver during vport rep unload.

prevent

Implements memory protection mechanisms like ASLR and stack canaries that mitigate exploitation of the use-after-free vulnerability in mlx5e_rep_priv.

detect

Enables vulnerability scanning to identify systems running vulnerable Linux kernel versions affected by CVE-2024-57801 in the net/mlx5e driver.
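
A triage helper for the scanning control above, as an added example that is not part of the original page: it checks a `uname -r` string against the version ranges listed under Affected Assets and looks for the `mlx5_core` module in `/proc/modules` text. Assumptions: the listed upper bounds are treated as inclusive and the bare 6.13 entry as 6.13.0 (the page does not say which), and all function names and sample data are constructed.

```python
import platform
import re

# Version ranges listed under "Affected Assets" on this page, as (low, high).
# Assumption: upper bounds are inclusive and bare "6.13" means 6.13.0 (incl. -rc).
AFFECTED = [((6, 6, 0), (6, 6, 70)), ((6, 7, 0), (6, 12, 9)), ((6, 13, 0), (6, 13, 0))]

def parse_release(release):
    """Turn a `uname -r` string such as '6.6.52-generic' into (6, 6, 52)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_listed_range(release):
    """True if the release falls inside any range listed on the page."""
    version = parse_release(release)
    return any(low <= version <= high for low, high in AFFECTED)

def mlx5_loaded(proc_modules):
    """True if mlx5_core (the module that contains mlx5e) is in /proc/modules text."""
    return any(line.split()[:1] == ["mlx5_core"] for line in proc_modules.splitlines())

def triage(release, proc_modules):
    """Classify a host from its kernel release and /proc/modules content."""
    if not in_listed_range(release):
        return "outside-listed-range"
    if not mlx5_loaded(proc_modules):
        return "listed-range-driver-not-loaded"
    return "listed-range-driver-loaded"

# Constructed sample of /proc/modules content (not captured from a real host).
SAMPLE_MODULES = """\
mlx5_ib 450560 0 - Live 0x0000000000000000
mlx5_core 2150400 1 mlx5_ib, Live 0x0000000000000000
nvme 57344 2 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    print("sample host:", triage("6.8.0-45-generic", SAMPLE_MODULES))
    try:  # on a Linux host, also classify the running kernel
        with open("/proc/modules") as fh:
            print("this host:", triage(platform.release(), fh.read()))
    except (OSError, ValueError):
        print("this host: /proc/modules or kernel release not readable")
```

Distribution kernels often backport fixes without changing the upstream version number, so a `listed-range` result is a prompt to confirm against the vendor's advisory rather than proof that the host is unpatched. A `driver-not-loaded` result only reflects the moment of the check, since the module can still be loaded later.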
