CVE-2024-56674

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 27, 2024
Updated: Jan 6, 2025
CWE ID 672

Summary

CVE-2024-56674 is a vulnerability affecting the Linux kernel's virtio_net component. When virtnet_close is followed by virtnet_open, some transmit (TX) completions might not be consumed promptly, resulting in a crash during the first NAPI poll. The issue stems from netdev_tx_reset_queue() not being invoked at the correct point. It can be reproduced by continuously bringing a network device down and up under heavy TX load. The patch resolves the issue by moving the netdev_tx_reset_queue() call before enabling RX NAPI, making the call explicit in the freeze/restore path, and following the rule of thumb for its placement.
