CVE-2024-49953: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49953 affects the Linux kernel's net/mlx5e subsystem, specifically related to a crash caused by calling _xfrmstate_delete() twice. The vulnerability was discovered in September 2024 and affects Linux kernel versions from 6.4 up to (excluding) 6.6.55, from 6.7 up to (excluding) 6.10.14, and from 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability occurs when km.state is not properly checked in the driver's delayed work. When xfrmstatecheckexpire() is called, the state can be reset to XFRMSTATEEXPIRED, even if it is already XFRMSTATEDEAD. This happens when the xfrm state is deleted but not yet freed. As a result, _xfrmstatedelete() is called again in the xfrm timer, leading to a system crash. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a general protection fault in the Linux kernel, causing a system crash. This primarily affects system availability and can lead to denial of service conditions (Kernel Patch).

The issue has been fixed by adding a check to skip xfrmstatecheckexpire() if km.state is not XFRMSTATE_VALID. The fix has been implemented in the Linux kernel through patches. Users should update their systems to the latest kernel versions: 6.6.55 or later for the 6.6 series, 6.10.14 or later for the 6.10 series, and 6.11.3 or later for the 6.11 series (Kernel Patch).