CVE-2024-50094

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50094
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50094.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50094
Downstream
Related
Published
2024-11-05T17:04:57Z
Modified
2025-10-09T20:45:56.447636Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
sfc: Don't invoke xdp_do_flush() from netpoll.
Details

In the Linux kernel, the following vulnerability has been resolved:

sfc: Don't invoke xdpdoflush() from netpoll.

Yury reported a crash in the sfc driver originated from netpollsendudp(). The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It is dedicated to allow driver to free TX resources, that it may have used while sending the packet.

In the netpoll case the driver invokes xdpdoflush() unconditionally, leading to crash because bpfnetcontext was never assigned.

Invoke xdpdoflush() only if budget is not zero.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
401cb7dae8130fd34eb84648e02ab4c506df7d5e
Fixed
65d4fc76d75c136744e67754d20feda609e7b793
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
401cb7dae8130fd34eb84648e02ab4c506df7d5e
Fixed
55e802468e1d38dec8e25a2fdb6078d45b647e8c

Affected versions

v6.*

v6.10
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.12-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.4