CVE-2024-27431

MEDIUM

Published 2024-05-17T12:02:10.274Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-27431. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

5.5

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.019

Higher than 1.9% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

When running an XDP program that is attached to a cpumap entry, we don't
initialise the xdp_rxq_info data structure being used in the xdp_buff
that backs the XDP program invocation. Tobias noticed that this leads to
random values being returned as the xdp_md->rx_queue_index value for XDP
programs running in a cpumap.

This means we're basically returning the contents of the uninitialised
memory, which is bad. Fix this by zero-initialising the rxq data
structure before running the XDP program.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

9216477449f33cdbc9c9a99d49f500b7fbb81702 9216477449f33cdbc9c9a99d49f500b7fbb81702 9216477449f33cdbc9c9a99d49f500b7fbb81702 9216477449f33cdbc9c9a99d49f500b7fbb81702 9216477449f33cdbc9c9a99d49f500b7fbb81702 9216477449f33cdbc9c9a99d49f500b7fbb81702

Linux

Affected Versions:

5.9 0 5.10.213 5.15.152 6.1.82 6.6.22 6.7.10 6.8

linux

linux_kernel

Affected Versions:

9216477449f3

linux

linux_kernel

Affected Versions:

5.9

linux

linux_kernel

Affected Versions:

linux

linux_kernel

Affected Versions:

5.10.213

linux

linux_kernel

Affected Versions:

5.15.152

linux

linux_kernel

Affected Versions:

6.1.82

linux

linux_kernel

Affected Versions:

6.6.22

linux

linux_kernel

Affected Versions:

6.7.10

linux

linux_kernel

Affected Versions:

6.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-4h53-xcvw-8wpx

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-27431

WEB https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5

WEB https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95

WEB https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297

WEB https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6

WEB https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b

WEB https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a

WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2024, Modified: July 3, 2024

References

https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297

https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b

https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95

https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a

https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6

https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5

Published: 2024-05-17T12:02:10.274Z

Last Modified: 2025-05-04T09:04:51.900Z

Copied to clipboard!

CVE-2024-27431

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!