CVE-2024-56674
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56674 is a vulnerability affecting the Linux kernel's virtio_net component. When virtnet_close is followed by virtnet_open, some Transmit (TX) completions might not be consumed promptly, resulting in a crash during the first NAPI poll. The issue stems from the fact that netdev_tx_reset_queue() was not invoked at the correct point. This vulnerability can be reproduced by continuously bringing down and bringing up a network device under heavy TX load. The patch resolves the issue by moving netdev_tx_reset_queue() call before enabling RX napi, making it explicit in freeze/restore path, and following the rule of thumb for its placement.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX