U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-50094

Change History

New CVE Received from kernel.org 11/05/2024 12:15:06 PM

Action Type Old Value New Value
Added Description

								
							
							
						
In the Linux kernel, the following vulnerability has been resolved:

sfc: Don't invoke xdp_do_flush() from netpoll.

Yury reported a crash in the sfc driver originated from
netpoll_send_udp(). The netconsole sends a message and then netpoll
invokes the driver's NAPI function with a budget of zero. It is
dedicated to allow driver to free TX resources, that it may have used
while sending the packet.

In the netpoll case the driver invokes xdp_do_flush() unconditionally,
leading to crash because bpf_net_context was never assigned.

Invoke xdp_do_flush() only if budget is not zero.
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/55e802468e1d38dec8e25a2fdb6078d45b647e8c [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/65d4fc76d75c136744e67754d20feda609e7b793 [No types assigned]