CVE-2024-27431

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-27431
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27431.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27431
Downstream
Related
Published
2024-05-17T12:02:10.274Z
Modified
2026-03-20T12:35:27.567841Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
Details

In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdprxqinfo struct before running XDP program

When running an XDP program that is attached to a cpumap entry, we don't initialise the xdprxqinfo data structure being used in the xdpbuff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdpmd->rxqueueindex value for XDP programs running in a cpumap.

This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27431.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9216477449f33cdbc9c9a99d49f500b7fbb81702
Fixed
5f4e51abfbe6eb444fa91906a5cd083044278297
Fixed
f0363af9619c77730764f10360e36c6445c12f7b
Fixed
3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95
Fixed
f562e4c4aab00986dde3093c4be919c3f2b85a4a
Fixed
eaa7cb836659ced2d9f814ac32aa3ec193803ed6
Fixed
2487007aa3b9fafbd2cb14068f49791ce1d7ede5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27431.json"