CVE-2024-40923 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5
https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017
https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456
https://lore.kernel.org/linux-cve-announce/2024071213-CVE-2024-40923-5e9e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40923
https://www.cve.org/CVERecord?id=CVE-2024-40923

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40923", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.582Z", "datePublished": "2024-07-12T12:25:04.245Z", "dateUpdated": "2025-05-04T09:17:55.502Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:17:55.502Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[   95.436876] kernel BUG at net/core/skbuff.c:207!\n[   95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[   95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[   95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[   95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[   95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[   95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[   95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[   95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[   95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[   95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[   95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[   95.455682] FS:  0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[   95.457178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[   95.459791] Call Trace:\n[   95.460515]  <IRQ>\n[   95.461180]  ? __die_body.cold+0x19/0x27\n[   95.462150]  ? die+0x2e/0x50\n[   95.462976]  ? do_trap+0xca/0x110\n[   95.463973]  ? do_error_trap+0x6a/0x90\n[   95.464966]  ? skb_panic+0x4d/0x4f\n[   95.465901]  ? exc_invalid_op+0x50/0x70\n[   95.466849]  ? skb_panic+0x4d/0x4f\n[   95.467718]  ? asm_exc_invalid_op+0x1a/0x20\n[   95.468758]  ? skb_panic+0x4d/0x4f\n[   95.469655]  skb_put.cold+0x10/0x10\n[   95.470573]  vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[   95.471853]  vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[   95.473185]  __napi_poll+0x2b/0x160\n[   95.474145]  net_rx_action+0x2c6/0x3b0\n[   95.475115]  handle_softirqs+0xe7/0x2a0\n[   95.476122]  __irq_exit_rcu+0x97/0xb0\n[   95.477109]  common_interrupt+0x85/0xa0\n[   95.478102]  </IRQ>\n[   95.478846]  <TASK>\n[   95.479603]  asm_common_interrupt+0x26/0x40\n[   95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[   95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[   95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[   95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[   95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[   95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[   95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[   95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[   95.495035]  acpi_safe_halt+0x14/0x20\n[   95.496127]  acpi_idle_do_entry+0x2f/0x50\n[   95.497221]  acpi_idle_enter+0x7f/0xd0\n[   95.498272]  cpuidle_enter_state+0x81/0x420\n[   95.499375]  cpuidle_enter+0x2d/0x40\n[   95.500400]  do_idle+0x1e5/0x240\n[   95.501385]  cpu_startup_entry+0x29/0x30\n[   95.502422]  start_secondary+0x11c/0x140\n[   95.503454]  common_startup_64+0x13e/0x141\n[   95.504466]  </TASK>\n[   95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/vmxnet3/vmxnet3_drv.c"], "versions": [{"version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "9ee14af24e67ef170108db547f7d1f701b3f2bc5", "status": "affected", "versionType": "git"}, {"version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "aa116ae9d169e28b692292460aed27fc44f4a017", "status": "affected", "versionType": "git"}, {"version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "ffbe335b8d471f79b259e950cb20999700670456", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/vmxnet3/vmxnet3_drv.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5"}, {"url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017"}, {"url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456"}], "title": "vmxnet3: disable rx data ring on dma allocation failure", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.850Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:24.017476Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:28.476Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-40923 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-07-12T12:17:45.582Z (string)

datePublished : 2024-07-12T12:25:04.245Z (string)

dateUpdated : 2025-05-04T09:17:55.502Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:17:55.502Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: vmxnet3: disable rx data ring on dma allocation failure When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base, the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset rq->data_ring.desc_size for the data ring that failed, which presumably causes the hypervisor to reference it on packet reception. To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell the hypervisor to disable this feature. [ 95.436876] kernel BUG at net/core/skbuff.c:207! [ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24 [ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60 [ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Call Trace: [ 95.460515] <IRQ> [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? die+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [ 95.463973] ? do_error_trap+0x6a/0x90 [ 95.464966] ? skb_panic+0x4d/0x4f [ 95.465901] ? exc_invalid_op+0x50/0x70 [ 95.466849] ? skb_panic+0x4d/0x4f [ 95.467718] ? asm_exc_invalid_op+0x1a/0x20 [ 95.468758] ? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3] [ 95.473185] __napi_poll+0x2b/0x160 [ 95.474145] net_rx_action+0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] </IRQ> [ 95.478846] <TASK> [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001 [ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260 [ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] cpuidle_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] </TASK> [ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncated--- (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/vmxnet3/vmxnet3_drv.c (string)

]

versions : [ »

0 : { »

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : 9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : aa116ae9d169e28b692292460aed27fc44f4a017 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : ffbe335b8d471f79b259e950cb20999700670456 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/vmxnet3/vmxnet3_drv.c (string)

]

versions : [ »

0 : { »

version : 6.3 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 6.3 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 6.6.35 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 6.9.6 (string)

lessThanOrEqual : 6.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 6.10 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.3 (string)

versionEndExcluding : 6.6.35 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.3 (string)

versionEndExcluding : 6.9.6 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 6.3 (string)

versionEndExcluding : 6.10 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

}

]

title : vmxnet3: disable rx data ring on dma allocation failure (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:39:55.850Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-40923 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T17:05:24.017476Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:34:28.476Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.850Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:24.017476Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.509Z"}}], "cna": {"title": "vmxnet3: disable rx data ring on dma allocation failure", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "9ee14af24e67ef170108db547f7d1f701b3f2bc5", "versionType": "git"}, {"status": "affected", "version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "aa116ae9d169e28b692292460aed27fc44f4a017", "versionType": "git"}, {"status": "affected", "version": "6f4833383e8514ea796d094e05c24889b8997fde", "lessThan": "ffbe335b8d471f79b259e950cb20999700670456", "versionType": "git"}], "programFiles": ["drivers/net/vmxnet3/vmxnet3_drv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/vmxnet3/vmxnet3_drv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5"}, {"url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017"}, {"url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[   95.436876] kernel BUG at net/core/skbuff.c:207!\n[   95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[   95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[   95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[   95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[   95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[   95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[   95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[   95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[   95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[   95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[   95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[   95.455682] FS:  0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[   95.457178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[   95.459791] Call Trace:\n[   95.460515]  <IRQ>\n[   95.461180]  ? __die_body.cold+0x19/0x27\n[   95.462150]  ? die+0x2e/0x50\n[   95.462976]  ? do_trap+0xca/0x110\n[   95.463973]  ? do_error_trap+0x6a/0x90\n[   95.464966]  ? skb_panic+0x4d/0x4f\n[   95.465901]  ? exc_invalid_op+0x50/0x70\n[   95.466849]  ? skb_panic+0x4d/0x4f\n[   95.467718]  ? asm_exc_invalid_op+0x1a/0x20\n[   95.468758]  ? skb_panic+0x4d/0x4f\n[   95.469655]  skb_put.cold+0x10/0x10\n[   95.470573]  vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[   95.471853]  vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[   95.473185]  __napi_poll+0x2b/0x160\n[   95.474145]  net_rx_action+0x2c6/0x3b0\n[   95.475115]  handle_softirqs+0xe7/0x2a0\n[   95.476122]  __irq_exit_rcu+0x97/0xb0\n[   95.477109]  common_interrupt+0x85/0xa0\n[   95.478102]  </IRQ>\n[   95.478846]  <TASK>\n[   95.479603]  asm_common_interrupt+0x26/0x40\n[   95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[   95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[   95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[   95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[   95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[   95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[   95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[   95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[   95.495035]  acpi_safe_halt+0x14/0x20\n[   95.496127]  acpi_idle_do_entry+0x2f/0x50\n[   95.497221]  acpi_idle_enter+0x7f/0xd0\n[   95.498272]  cpuidle_enter_state+0x81/0x420\n[   95.499375]  cpuidle_enter+0x2d/0x40\n[   95.500400]  do_idle+0x1e5/0x240\n[   95.501385]  cpu_startup_entry+0x29/0x30\n[   95.502422]  start_secondary+0x11c/0x140\n[   95.503454]  common_startup_64+0x13e/0x141\n[   95.504466]  </TASK>\n[   95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:08:16.349Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40923", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:08:16.349Z", "dateReserved": "2024-07-12T12:17:45.582Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:04.245Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:39:55.850Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-40923 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T17:05:24.017476Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:23.509Z (string)

}

]

cna : { »

title : vmxnet3: disable rx data ring on dma allocation failure (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : 9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : aa116ae9d169e28b692292460aed27fc44f4a017 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 6f4833383e8514ea796d094e05c24889b8997fde (string)

lessThan : ffbe335b8d471f79b259e950cb20999700670456 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : drivers/net/vmxnet3/vmxnet3_drv.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.3 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 6.3 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 6.6.35 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

3 : { »

status : unaffected (string)

version : 6.9.6 (string)

versionType : semver (string)

lessThanOrEqual : 6.9.* (string)

}

4 : { »

status : unaffected (string)

version : 6.10 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : drivers/net/vmxnet3/vmxnet3_drv.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

}

]

x_generator : { »

engine : bippy-5f407fcff5a0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: vmxnet3: disable rx data ring on dma allocation failure When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base, the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset rq->data_ring.desc_size for the data ring that failed, which presumably causes the hypervisor to reference it on packet reception. To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell the hypervisor to disable this feature. [ 95.436876] kernel BUG at net/core/skbuff.c:207! [ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24 [ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60 [ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Call Trace: [ 95.460515] <IRQ> [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? die+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [ 95.463973] ? do_error_trap+0x6a/0x90 [ 95.464966] ? skb_panic+0x4d/0x4f [ 95.465901] ? exc_invalid_op+0x50/0x70 [ 95.466849] ? skb_panic+0x4d/0x4f [ 95.467718] ? asm_exc_invalid_op+0x1a/0x20 [ 95.468758] ? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3] [ 95.473185] __napi_poll+0x2b/0x160 [ 95.474145] net_rx_action+0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] </IRQ> [ 95.478846] <TASK> [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001 [ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260 [ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] cpuidle_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] </TASK> [ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncated--- (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-12-19T09:08:16.349Z (string)

}

cveMetadata : { »

cveId : CVE-2024-40923 (string)

state : PUBLISHED (string)

dateUpdated : 2024-12-19T09:08:16.349Z (string)

dateReserved : 2024-07-12T12:17:45.582Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-07-12T12:25:04.245Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[   95.436876] kernel BUG at net/core/skbuff.c:207!\n[   95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[   95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[   95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[   95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[   95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[   95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[   95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[   95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[   95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[   95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[   95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[   95.455682] FS:  0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[   95.457178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[   95.459791] Call Trace:\n[   95.460515]  <IRQ>\n[   95.461180]  ? __die_body.cold+0x19/0x27\n[   95.462150]  ? die+0x2e/0x50\n[   95.462976]  ? do_trap+0xca/0x110\n[   95.463973]  ? do_error_trap+0x6a/0x90\n[   95.464966]  ? skb_panic+0x4d/0x4f\n[   95.465901]  ? exc_invalid_op+0x50/0x70\n[   95.466849]  ? skb_panic+0x4d/0x4f\n[   95.467718]  ? asm_exc_invalid_op+0x1a/0x20\n[   95.468758]  ? skb_panic+0x4d/0x4f\n[   95.469655]  skb_put.cold+0x10/0x10\n[   95.470573]  vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[   95.471853]  vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[   95.473185]  __napi_poll+0x2b/0x160\n[   95.474145]  net_rx_action+0x2c6/0x3b0\n[   95.475115]  handle_softirqs+0xe7/0x2a0\n[   95.476122]  __irq_exit_rcu+0x97/0xb0\n[   95.477109]  common_interrupt+0x85/0xa0\n[   95.478102]  </IRQ>\n[   95.478846]  <TASK>\n[   95.479603]  asm_common_interrupt+0x26/0x40\n[   95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[   95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[   95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[   95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[   95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[   95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[   95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[   95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[   95.495035]  acpi_safe_halt+0x14/0x20\n[   95.496127]  acpi_idle_do_entry+0x2f/0x50\n[   95.497221]  acpi_idle_enter+0x7f/0xd0\n[   95.498272]  cpuidle_enter_state+0x81/0x420\n[   95.499375]  cpuidle_enter+0x2d/0x40\n[   95.500400]  do_idle+0x1e5/0x240\n[   95.501385]  cpu_startup_entry+0x29/0x30\n[   95.502422]  start_secondary+0x11c/0x140\n[   95.503454]  common_startup_64+0x13e/0x141\n[   95.504466]  </TASK>\n[   95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vmxnet3: deshabilite el anillo de datos rx en caso de falla en la asignaci\u00f3n de dma Cuando vmxnet3_rq_create() no puede asignar memoria para rq-&gt;data_ring.base, la llamada posterior a vmxnet3_rq_destroy_all_rxdataring no restablece rq-&gt;data_ring .desc_size para el anillo de datos que fall\u00f3, lo que presumiblemente hace que el hipervisor haga referencia a \u00e9l al recibir el paquete. Para corregir este error, rq-&gt;data_ring.desc_size debe establecerse en 0 para indicarle al hipervisor que desactive esta funci\u00f3n. [95.436876] \u00a1ERROR del kernel en net/core/skbuff.c:207! [ 95.439074] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Nombre de hardware: VMware, Inc. VMware Virtual Platform Plataforma de referencia de escritorio /440BX, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] C\u00f3digo: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff &lt;0f&gt; 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff 48 8b 14 24 [ 7684] RSP : 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 00000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: 0 [ 95.452886] R10: fffffffa04ed468 R11 : 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 00000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Seguimiento de llamadas: [ 95.460515]  [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? morir+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [95.463973]? do_error_trap+0x6a/0x90 [95.464966]? skb_panic+0x4d/0x4f [95.465901]? exc_invalid_op+0x50/0x70 [95.466849]? skb_panic+0x4d/0x4f [95.467718]? asm_exc_invalid_op+0x1a/0x20 [95.468758]? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] [vmxnet3] [95.473185] __napi_poll+0x2b/0x160 [95.474145] net_rx_action+ 0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102]  95.478 846]  [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657 ] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] C\u00f3digo: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4  2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 00000000000000001 [ 95.490067] RBP: d14064 R08: fffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: fffffffa0652260 [ 95.493389] fffffffa06522e0 R14: 0000000000000001 R15 : 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] le_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466]  [ 95.505197] M\u00f3dulos vinculados en: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncado---"}], "id": "CVE-2024-40923", "lastModified": "2024-11-21T09:31:52.723", "metrics": {}, "published": "2024-07-12T13:15:15.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: vmxnet3: disable rx data ring on dma allocation failure When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base, the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset rq->data_ring.desc_size for the data ring that failed, which presumably causes the hypervisor to reference it on packet reception. To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell the hypervisor to disable this feature. [ 95.436876] kernel BUG at net/core/skbuff.c:207! [ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24 [ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60 [ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Call Trace: [ 95.460515] <IRQ> [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? die+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [ 95.463973] ? do_error_trap+0x6a/0x90 [ 95.464966] ? skb_panic+0x4d/0x4f [ 95.465901] ? exc_invalid_op+0x50/0x70 [ 95.466849] ? skb_panic+0x4d/0x4f [ 95.467718] ? asm_exc_invalid_op+0x1a/0x20 [ 95.468758] ? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3] [ 95.473185] __napi_poll+0x2b/0x160 [ 95.474145] net_rx_action+0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] </IRQ> [ 95.478846] <TASK> [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001 [ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260 [ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] cpuidle_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] </TASK> [ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncated--- (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vmxnet3: deshabilite el anillo de datos rx en caso de falla en la asignación de dma Cuando vmxnet3_rq_create() no puede asignar memoria para rq->data_ring.base, la llamada posterior a vmxnet3_rq_destroy_all_rxdataring no restablece rq->data_ring .desc_size para el anillo de datos que falló, lo que presumiblemente hace que el hipervisor haga referencia a él al recibir el paquete. Para corregir este error, rq->data_ring.desc_size debe establecerse en 0 para indicarle al hipervisor que desactive esta función. [95.436876] ¡ERROR del kernel en net/core/skbuff.c:207! [ 95.439074] código de operación no válido: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Nombre de hardware: VMware, Inc. VMware Virtual Platform Plataforma de referencia de escritorio /440BX, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Código: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff 48 8b 14 24 [ 7684] RSP : 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 00000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: 0 [ 95.452886] R10: fffffffa04ed468 R11 : 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 00000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Seguimiento de llamadas: [ 95.460515] [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? morir+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [95.463973]? do_error_trap+0x6a/0x90 [95.464966]? skb_panic+0x4d/0x4f [95.465901]? exc_invalid_op+0x50/0x70 [95.466849]? skb_panic+0x4d/0x4f [95.467718]? asm_exc_invalid_op+0x1a/0x20 [95.468758]? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] [vmxnet3] [95.473185] __napi_poll+0x2b/0x160 [95.474145] net_rx_action+ 0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] 95.478 846] [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657 ] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Código: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 00000000000000001 [ 95.490067] RBP: d14064 R08: fffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: fffffffa0652260 [ 95.493389] fffffffa06522e0 R14: 0000000000000001 R15 : 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] le_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] [ 95.505197] Módulos vinculados en: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncado--- (string)

}

]

id : CVE-2024-40923 (string)

lastModified : 2024-11-21T09:31:52.723 (string)

metrics : { *empty* }

published : 2024-07-12T13:15:15.200 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/9ee14af24e67ef170108db547f7d1f701b3f2bc5 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/aa116ae9d169e28b692292460aed27fc44f4a017 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/ffbe335b8d471f79b259e950cb20999700670456 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Awaiting Analysis (string)

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: vmxnet3: disable rx data ring on dma allocation failure", "id": "2297507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297507"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvmxnet3: disable rx data ring on dma allocation failure\nWhen vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq->data_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\nTo fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n[   95.436876] kernel BUG at net/core/skbuff.c:207!\n[   95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[   95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[   95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[   95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[   95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[   95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[   95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[   95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[   95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[   95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[   95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[   95.455682] FS:  0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[   95.457178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[   95.459791] Call Trace:\n[   95.460515]  <IRQ>\n[   95.461180]  ? __die_body.cold+0x19/0x27\n[   95.462150]  ? die+0x2e/0x50\n[   95.462976]  ? do_trap+0xca/0x110\n[   95.463973]  ? do_error_trap+0x6a/0x90\n[   95.464966]  ? skb_panic+0x4d/0x4f\n[   95.465901]  ? exc_invalid_op+0x50/0x70\n[   95.466849]  ? skb_panic+0x4d/0x4f\n[   95.467718]  ? asm_exc_invalid_op+0x1a/0x20\n[   95.468758]  ? skb_panic+0x4d/0x4f\n[   95.469655]  skb_put.cold+0x10/0x10\n[   95.470573]  vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[   95.471853]  vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[   95.473185]  __napi_poll+0x2b/0x160\n[   95.474145]  net_rx_action+0x2c6/0x3b0\n[   95.475115]  handle_softirqs+0xe7/0x2a0\n[   95.476122]  __irq_exit_rcu+0x97/0xb0\n[   95.477109]  common_interrupt+0x85/0xa0\n[   95.478102]  </IRQ>\n[   95.478846]  <TASK>\n[   95.479603]  asm_common_interrupt+0x26/0x40\n[   95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[   95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[   95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[   95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[   95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[   95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[   95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[   95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[   95.495035]  acpi_safe_halt+0x14/0x20\n[   95.496127]  acpi_idle_do_entry+0x2f/0x50\n[   95.497221]  acpi_idle_enter+0x7f/0xd0\n[   95.498272]  cpuidle_enter_state+0x81/0x420\n[   95.499375]  cpuidle_enter+0x2d/0x40\n[   95.500400]  do_idle+0x1e5/0x240\n[   95.501385]  cpu_startup_entry+0x29/0x30\n[   95.502422]  start_secondary+0x11c/0x140\n[   95.503454]  common_startup_64+0x13e/0x141\n[   95.504466]  </TASK>\n[   95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40923", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40923\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40923\nhttps://lore.kernel.org/linux-cve-announce/2024071213-CVE-2024-40923-5e9e@gregkh/T"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:9315 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-503.11.1.el9_5 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-11-12T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:9315 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-503.11.1.el9_5 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-11-12T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: vmxnet3: disable rx data ring on dma allocation failure (string)

id : 2297507 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2297507 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-99 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: vmxnet3: disable rx data ring on dma allocation failure When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base, the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset rq->data_ring.desc_size for the data ring that failed, which presumably causes the hypervisor to reference it on packet reception. To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell the hypervisor to disable this feature. [ 95.436876] kernel BUG at net/core/skbuff.c:207! [ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24 [ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60 [ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Call Trace: [ 95.460515] <IRQ> [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? die+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [ 95.463973] ? do_error_trap+0x6a/0x90 [ 95.464966] ? skb_panic+0x4d/0x4f [ 95.465901] ? exc_invalid_op+0x50/0x70 [ 95.466849] ? skb_panic+0x4d/0x4f [ 95.467718] ? asm_exc_invalid_op+0x1a/0x20 [ 95.468758] ? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3] [ 95.473185] __napi_poll+0x2b/0x160 [ 95.474145] net_rx_action+0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] </IRQ> [ 95.478846] <TASK> [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001 [ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260 [ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] cpuidle_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] </TASK> [ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncated--- (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2024-40923 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Will not fix (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Will not fix (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Will not fix (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-07-12T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-40923 https://nvd.nist.gov/vuln/detail/CVE-2024-40923 https://lore.kernel.org/linux-cve-announce/2024071213-CVE-2024-40923-5e9e@gregkh/T (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object