CVE-2024-57932

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/01/2025
Last modified: 21/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: guard XDP xmit NDO on existence of xdp queues

In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions is false.

In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for the next interface up, but the TX pointer itself would be NULL.

The XDP xmit callback also needs to synchronize with a device transitioning from open to close. This synchronization will happen via the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, which waits for any RCU critical sections at call-time to complete.
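The two guards the description calls for, as an added userspace model that is not the gve driver's code: it shows why a check on the queue count alone is not enough once the interface has been closed. All struct and function names and the returned error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model; all names are hypothetical, not the gve driver's. */
struct model_tx_ring { unsigned long sent; };

struct model_priv {
    bool napi_enabled;            /* stands in for GVE_PRIV_FLAGS_NAPI_ENABLED */
    bool xdp_prog_loaded;
    unsigned int num_xdp_queues;  /* 0 when no XDP program is installed */
    struct model_tx_ring *tx;     /* NULL while the interface is down */
};

/* Returns frames queued or a negative errno (error codes are assumptions). */
int model_xdp_xmit(struct model_priv *priv, unsigned int cpu, int n_frames)
{
    /* Interface down: num_xdp_queues may be non-zero, but tx is NULL. */
    if (!priv->napi_enabled)
        return -ENETDOWN;
    /* No program: num_xdp_queues == 0, so the modulo below would trap. */
    if (!priv->xdp_prog_loaded || priv->num_xdp_queues == 0)
        return -ENXIO;

    unsigned int qid = cpu % priv->num_xdp_queues;
    priv->tx[qid].sent += (unsigned long)n_frames;
    return n_frames;
}

/* Close path in the model: clear the flag, then drop the rings. The fix
 * described above pairs the flag with synchronize_net() so in-flight
 * callbacks finish; this single-threaded model has nothing to wait for. */
void model_close(struct model_priv *priv)
{
    priv->napi_enabled = false;
    priv->tx = NULL;              /* num_xdp_queues is deliberately kept */
}

int main(void)
{
    struct model_tx_ring rings[4] = {{0}};
    struct model_priv p = { true, false, 0, rings };
    printf("no program: %d\n", model_xdp_xmit(&p, 5, 3));
    p.xdp_prog_loaded = true; p.num_xdp_queues = 4;
    printf("up, 4 queues: %d\n", model_xdp_xmit(&p, 5, 3));
    model_close(&p);
    printf("after close: %d\n", model_xdp_xmit(&p, 5, 3));
    return 0;
}
```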

Impact