CVE-2024-57801: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57801 is a use-after-free vulnerability discovered in the Linux kernel's network driver component. The vulnerability affects the net/mlx5e driver, specifically during the driver unload process when handling vport representative TC rules. The issue was identified and disclosed on January 15, 2025, affecting Linux kernel versions from 6.6 up to 6.6.70, 6.7 up to 6.12.9, and 6.13-rc1 through 6.13-rc5 (NVD).

The vulnerability occurs during driver unload when unregisternetdev is called after unloading vport rep. At this point, the mlx5ereppriv is already freed while the system attempts to access rpriv->netdev or walk rpriv->tcht, resulting in a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (NVD).

The use-after-free vulnerability could potentially lead to system crashes, memory corruption, or privilege escalation in affected Linux systems. The high CVSS score of 7.8 indicates that successful exploitation could result in complete compromise of system confidentiality, integrity, and availability (NVD).

The vulnerability has been patched in the Linux kernel through a fix that adds checking to ensure access to vport rep data only occurs while it is still loaded. The fix was implemented through commit 5a03b368562a7ff5f5f1f63b5adf8309cbdbd5be. Users are advised to update their Linux kernel to versions containing this fix (Kernel Patch).