In the Linux kernel, the following vulnerability has been resolved:
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
When running an XDP program that is attached to a cpumap entry, we don't
initialise the xdp_rxq_info data structure being used in the xdp_buff
that backs the XDP program invocation. Tobias noticed that this leads to
random values being returned as the xdp_md->rx_queue_index value for XDP
programs running in a cpumap.
This means we're basically returning the contents of the uninitialised
memory, which is bad. Fix this by zero-initialising the rxq data
structure before running the XDP program.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-17T12:02:10.274Z
Updated: 2024-11-05T09:21:54.430Z
Reserved: 2024-02-25T13:47:42.686Z
Link: CVE-2024-27431
Vulnrichment
Updated: 2024-08-02T00:34:52.315Z
NVD
Status : Awaiting Analysis
Published: 2024-05-17T12:15:16.410
Modified: 2024-11-21T09:04:35.510
Link: CVE-2024-27431
Redhat