CVE-2024-57933

MEDIUM

Linux Kernel 6.4-6.6.70, 6.7-6.12.9 - NULL Pointer Dereference in GVE XSK Operations

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs be guarded against queues disappearing while the function is executing, so a check against the GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the disabling of the bit and the synchronize_net() in gve_turndown.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/771d66f2bd8c4dba1286a9163ab982cecd825718

Patch

https://git.kernel.org/stable/c/8e8d7037c89437af12725f454e2eaf40e8166c0f

Patch

https://git.kernel.org/stable/c/40338d7987d810fcaa95c500b1068a52b08eec9b

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.4.0 - 6.6.70linux

linux/Kernel 6.7.0 - 6.12.9linux

Linux/Linux < 6.4

Linux/Linux 6.12.9 - 6.12.*

Linux/Linux 6.13

Linux/Linux 6.4

Linux/Linux 6.6.70 - 6.6.*

Linux/Linux fd8e40321a12391e6f554cc637d0c4b6109682a9 - 40338d7987d810fcaa95c500b1068a52b08eec9b

Linux/Linux fd8e40321a12391e6f554cc637d0c4b6109682a9 - 771d66f2bd8c4dba1286a9163ab982cecd825718

Linux/Linux fd8e40321a12391e6f554cc637d0c4b6109682a9 - 8e8d7037c89437af12725f454e2eaf40e8166c0f

... and 2 more

Published Jan 21, 2025

Tracked Since Feb 18, 2026