{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53240", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.026Z", "datePublished": "2024-12-24T09:22:36.448Z", "dateUpdated": "2024-12-24T10:02:52.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-24T09:22:36.448Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: fix crash when removing device\n\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been setup again, causing a\ncrash during the attempt to stop the queues another time.\n\nFix that by checking the queues are existing before trying to stop\nthem.\n\nThis is XSA-465 / CVE-2024-53240."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/xen-netfront.c"], "versions": [{"version": "ed773dd798bf720756d20021b8d8a4a3d7184bda", "lessThan": "20f7f0cf7af5d81b218202ef504223af84b16a8f", "status": "affected", "versionType": "git"}, {"version": "e6860c889f4ad50b6ab696f5ea154295d72cf27a", "lessThan": "1d5354a9182b6d302ae10367cbec1ca339d4e4e7", "status": "affected", "versionType": "git"}, {"version": "e6e897d4fe2f89c0bd94600a40bedf5e6e75e050", "lessThan": "2657ba851fa3381256d81e431b20041dc232fd88", "status": "affected", "versionType": "git"}, {"version": "d50b7914fae04d840ce36491d22133070b18cca9", "lessThan": "8b41e6bccf7de93982781be4125211443382e66d", "status": "affected", "versionType": "git"}, {"version": "d50b7914fae04d840ce36491d22133070b18cca9", "lessThan": "fe9a8f5250aed0948b668c8a4e051e3b0fc29f09", "status": "affected", "versionType": "git"}, {"version": "d50b7914fae04d840ce36491d22133070b18cca9", "lessThan": "7728e974ffbf14f17648dd92ea640b42b654d47c", "status": "affected", "versionType": "git"}, {"version": "d50b7914fae04d840ce36491d22133070b18cca9", "lessThan": "f9244fb55f37356f75c739c57323d9422d7aa0f8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/xen-netfront.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.288", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.232", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.175", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.121", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.67", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.6", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f"}, {"url": "https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7"}, {"url": "https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88"}, {"url": "https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d"}, {"url": "https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09"}, {"url": "https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c"}, {"url": "https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8"}], "title": "xen/netfront: fix crash when removing device", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://xenbits.xen.org/xsa/advisory-465.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-24T10:02:52.820Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: fix crash when removing device\n\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been setup again, causing a\ncrash during the attempt to stop the queues another time.\n\nFix that by checking the queues are existing before trying to stop\nthem.\n\nThis is XSA-465 / CVE-2024-53240."}], "id": "CVE-2024-53240", "lastModified": "2024-12-24T10:15:06.460", "metrics": {}, "published": "2024-12-24T10:15:06.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-465.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465)", "id": "2331325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331325"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxen/netfront: fix crash when removing device\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been setup again, causing a\ncrash during the attempt to stop the queues another time.\nFix that by checking the queues are existing before trying to stop\nthem.\nThis is XSA-465 / CVE-2024-53240."], "name": "CVE-2024-53240", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-12-17T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53240\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53240"], "statement": "Only systems with non-trusted network backends are vulnerable.\nAs far as known only Linux guests with the fix for CVE-2022-48969 applied\nare vulnerable (this includes all kernel versions from 6.1 onwards)", "threat_severity": "Moderate"}