CVE-2024-40937

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-40937

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40937.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-40937

Downstream

BELL-CVE-2024-40937

DEBIAN-CVE-2024-40937

DLA-4008-1

DSA-5731-1

OESA-2025-1097

SUSE-SU-2024:2802-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2893-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2923-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2948-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:02069-1

SUSE-SU-2025:02095-1

SUSE-SU-2025:02106-1

SUSE-SU-2025:02117-1

SUSE-SU-2025:02124-1

SUSE-SU-2025:02125-1

SUSE-SU-2025:02126-1

SUSE-SU-2025:02131-1

SUSE-SU-2025:02139-1

SUSE-SU-2025:02142-1

SUSE-SU-2025:02144-1

SUSE-SU-2025:02157-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

UBUNTU-CVE-2024-40937

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Related

Published

2024-07-12T12:25:13.807Z

Modified

2026-03-20T12:37:25.242841Z

Summary

gve: Clear napi->skb before dev_kfree_skb_any()

Details

In the Linux kernel, the following vulnerability has been resolved:

gve: Clear napi->skb before devkfreeskb_any()

gverxfreeskb incorrectly leaves napi->skb referencing an skb after it is freed with devkfreeskbany(). This can result in a subsequent call to napigetfrags returning a dangling pointer.

Fix this by clearing napi->skb before the skb is freed.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40937.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9b8dd5e5ea48bbb7532d20c4093a79d8283e4029

Fixed

75afd8724739ee5ed8165acde5f6ac3988b485cc

Fixed

d221284991118c0ab16480b53baecd857c0bc442

Fixed

2ce5341c36993b776012601921d7688693f8c037

Fixed

a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50

Fixed

6f4d93b78ade0a4c2cafd587f7b429ce95abb02e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40937.json"