CVE-2024-40999

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ena: Add validation for completion descriptors consistency

Validate that first flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for RX data corruption has been added.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1738cd3ed342294360d6a74d4e58800004bff854 < 42146ee5286f16f1674a84f7c274dcca65c6ff2eaffected
LinuxLinux1738cd3ed342294360d6a74d4e58800004bff854 < b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7affected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux6.9.7 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References