CVE-2024-27431

Summary

In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap.

This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < 5f4e51abfbe6eb444fa91906a5cd083044278297affected
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < f0363af9619c77730764f10360e36c6445c12f7baffected
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < 3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95affected
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < f562e4c4aab00986dde3093c4be919c3f2b85a4aaffected
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < eaa7cb836659ced2d9f814ac32aa3ec193803ed6affected
LinuxLinux9216477449f33cdbc9c9a99d49f500b7fbb81702 < 2487007aa3b9fafbd2cb14068f49791ce1d7ede5affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.10.213 <= 5.10.*unaffected
LinuxLinux5.15.152 <= 5.15.*unaffected
LinuxLinux6.1.82 <= 6.1.*unaffected
LinuxLinux6.6.22 <= 6.6.*unaffected
LinuxLinux6.7.10 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References