CVE-2024-42083

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42083
Downstream
Published
2024-07-29T15:54:44.106Z
Modified
2025-11-20T04:52:56.087686Z
Summary
ionic: fix kernel panic due to multi-buffer handling
Details

In the Linux kernel, the following vulnerability has been resolved:

ionic: fix kernel panic due to multi-buffer handling

Currently, the ionic_run_xdp() doesn't handle multi-buffer packets properly for XDP_TX and XDP_REDIRECT. When a jumbo frame is received, the ionic_run_xdp() first makes xdp frame with all necessary pages in the rx descriptor. And if the action is either XDP_TX or XDP_REDIRECT, it should unmap dma-mapping and reset page pointer to NULL for all pages, not only the first page. But it doesn't for SG pages. So, SG pages unexpectedly will be reused. It eventually causes kernel panic.

Oops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25
RIP: 0010:xdp_return_frame+0x42/0x90
Code: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd <41> 80 7d0
RSP: 0018:ffff99d00122ce08 EFLAGS: 00010202
RAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001
RDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49
RBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000
R10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010
R13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0
FS: 0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
<IRQ>
? die_addr+0x33/0x90
? exc_general_protection+0x251/0x2f0
? asm_exc_general_protection+0x22/0x30
? xdp_return_frame+0x42/0x90
ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
__napi_poll.constprop.0+0x29/0x1b0
net_rx_action+0x2c4/0x350
handle_softirqs+0xf4/0x320
irq_exit_rcu+0x78/0xa0
common_interrupt+0x77/0x90

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5377805dc1c02ad3721a9256f0eef9b4813952e7
Fixed
8ae401525ae84228a8986bb369224a6224e4d22f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5377805dc1c02ad3721a9256f0eef9b4813952e7
Fixed
e3f02f32a05009a688a87f5799e049ed6b55bab5

Affected versions

v6.*

v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.8
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "drivers/net/ethernet/pensando/ionic/ionic_txrx.c",
            "function": "ionic_run_xdp"
        },
        "digest": {
            "length": 2610.0,
            "function_hash": "185505869516128762592080145056235477760"
        },
        "id": "CVE-2024-42083-4ccf3a40",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ae401525ae84228a8986bb369224a6224e4d22f",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "drivers/net/ethernet/pensando/ionic/ionic_txrx.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2024-42083-d362b3b7",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ae401525ae84228a8986bb369224a6224e4d22f",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.8