U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-38586 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6
https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6
https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d
https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d
https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479
https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479
https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27
https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27
https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1
https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1
https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd
https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd
https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417
https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-38586
NVD Published Date:
06/19/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org