CVE-2024-57933

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
21/01/2025
Last modified:
31/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gve: guard XSK operations on the existence of queues<br /> <br /> This patch predicates the enabling and disabling of XSK pools on the<br /> existence of queues. As it stands, if the interface is down, disabling<br /> or enabling XSK pools would result in a crash, as the RX queue pointer<br /> would be NULL. XSK pool registration will occur as part of the next<br /> interface up.<br /> <br /> Similarly, xsk_wakeup needs be guarded against queues disappearing<br /> while the function is executing, so a check against the<br /> GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the<br /> disabling of the bit and the synchronize_net() in gve_turndown.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.6.70 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*