CVE-2024-57933
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
21/01/2025
Last modified:
31/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
gve: guard XSK operations on the existence of queues<br />
<br />
This patch predicates the enabling and disabling of XSK pools on the<br />
existence of queues. As it stands, if the interface is down, disabling<br />
or enabling XSK pools would result in a crash, as the RX queue pointer<br />
would be NULL. XSK pool registration will occur as part of the next<br />
interface up.<br />
<br />
Similarly, xsk_wakeup needs be guarded against queues disappearing<br />
while the function is executing, so a check against the<br />
GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the<br />
disabling of the bit and the synchronize_net() in gve_turndown.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4 (including) | 6.6.70 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.9 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page