CVE-2024-57933

UNKNOWN

Published 2025-01-21T12:01:29.882Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-57933. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: guard XSK operations on the existence of queues

This patch predicates the enabling and disabling of XSK pools on the
existence of queues. As it stands, if the interface is down, disabling
or enabling XSK pools would result in a crash, as the RX queue pointer
would be NULL. XSK pool registration will occur as part of the next
interface up.

Similarly, xsk_wakeup needs be guarded against queues disappearing
while the function is executing, so a check against the
GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the
disabling of the bit and the synchronize_net() in gve_turndown.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

fd8e40321a12391e6f554cc637d0c4b6109682a9 fd8e40321a12391e6f554cc637d0c4b6109682a9 fd8e40321a12391e6f554cc637d0c4b6109682a9

Linux

Affected Versions:

6.4 0 6.6.70 6.12.9 6.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-qw8g-4j5w-5j26

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs be guarded against queues disappearing while the function is executing, so a check against the GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the disabling of the bit and the synchronize_net() in gve_turndown.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-57933

WEB https://git.kernel.org/stable/c/40338d7987d810fcaa95c500b1068a52b08eec9b

WEB https://git.kernel.org/stable/c/771d66f2bd8c4dba1286a9163ab982cecd825718

WEB https://git.kernel.org/stable/c/8e8d7037c89437af12725f454e2eaf40e8166c0f

Advisory provided by GitHub Security Advisory Database. Published: January 21, 2025, Modified: January 31, 2025

References

https://git.kernel.org/stable/c/771d66f2bd8c4dba1286a9163ab982cecd825718

https://git.kernel.org/stable/c/8e8d7037c89437af12725f454e2eaf40e8166c0f

https://git.kernel.org/stable/c/40338d7987d810fcaa95c500b1068a52b08eec9b

Published: 2025-01-21T12:01:29.882Z

Last Modified: 2025-05-04T10:06:57.881Z

Copied to clipboard!

CVE-2024-57933

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!