CVE-2024-42071

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 29, 2024

Updated: Jul 30, 2024

CWE ID 834

Summary

CVE-2024-42071 is a vulnerability affecting the Linux kernel that stems from the improper use of dev_consume_skb_any outside of a NAPI softirq context in the ionic driver. When not in a NAPI context, the call to napi_consume_skb() must be made with a budget of 0 to indicate an unsafe context. This issue was discovered during configuration stress testing, revealing a potential preemption violation leading to a BUG notice. The call stack indicated the issue originated from ionic_tx_clean(), which in turn called napi_skb_cache_put(). To mitigate this vulnerability, developers should pass a context hint to ionic_tx_clean() to ensure the correct usage of napi_consume_skb().

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database