{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40999", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.608Z", "datePublished": "2024-07-12T12:37:40.507Z", "dateUpdated": "2024-11-05T09:34:46.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:46.937Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/amazon/ena/ena_eth_com.c", "drivers/net/ethernet/amazon/ena/ena_netdev.c", "drivers/net/ethernet/amazon/ena/ena_regs_defs.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "42146ee5286f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b37b98a3a0c1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/amazon/ena/ena_eth_com.c", "drivers/net/ethernet/amazon/ena/ena_netdev.c", "drivers/net/ethernet/amazon/ena/ena_regs_defs.h"], "versions": [{"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e"}, {"url": "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7"}], "title": "net: ena: Add validation for completion descriptors consistency", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.158Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:22.448911Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:19.348Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.158Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:22.448911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.988Z"}}], "cna": {"title": "net: ena: Add validation for completion descriptors consistency", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "42146ee5286f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b37b98a3a0c1", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/amazon/ena/ena_eth_com.c", "drivers/net/ethernet/amazon/ena/ena_netdev.c", "drivers/net/ethernet/amazon/ena/ena_regs_defs.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/amazon/ena/ena_eth_com.c", "drivers/net/ethernet/amazon/ena/ena_netdev.c", "drivers/net/ethernet/amazon/ena/ena_regs_defs.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e"}, {"url": "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:46.937Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40999", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:34:46.937Z", "dateReserved": "2024-07-12T12:17:45.608Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:37:40.507Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: ena: agregue validaci\u00f3n para la coherencia de los descriptores de finalizaci\u00f3n. Valide que el indicador \"primer\" est\u00e9 configurado solo para el primer descriptor en paquetes de m\u00faltiples b\u00fafer. En caso de un descriptor no v\u00e1lido, se producir\u00e1 un reinicio. Se ha agregado un nuevo motivo de reinicio para la corrupci\u00f3n de datos RX."}], "id": "CVE-2024-40999", "lastModified": "2024-07-12T16:34:58.687", "metrics": {}, "published": "2024-07-12T13:15:20.920", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: ena: Add validation for completion descriptors consistency", "id": "2297583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297583"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ena: Add validation for completion descriptors consistency\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added."], "name": "CVE-2024-40999", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40999\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40999\nhttps://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40999-8c1b@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.9.7, kernel 6.10-rc1"}