{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-39506","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-25T14:23:23.752Z","datePublished":"2024-07-12T12:20:38.298Z","dateUpdated":"2025-11-03T21:56:26.420Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:17:16.260Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t  octeon_droq_dispatch_pkt\n\t   octeon_create_recv_info\n\t    ...search in the dispatch_list...\n\t     ->disp_fn(rdisp->rinfo, ...)\n\t      lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info->page to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"],"versions":[{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"dcc7440f32c7a26b067aff6e7d931ec593024a79","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"cbf18d8128a753cb632bef39470d19befd9c7347","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"a86490a3712cc513113440a606a0e77130abd47c","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"fd2b613bc4c508e55c1221c6595bb889812a4fea","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"a6f4d0ec170a46b5f453cacf55dff5989b42bbfa","status":"affected","versionType":"git"},{"version":"1f233f327913f3dee0602cba9c64df1903772b55","lessThan":"c44711b78608c98a3e6b49ce91678cd0917d5349","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.19.317","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.95","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.35","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.6","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.317"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.9.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"},{"url":"https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"},{"url":"https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"},{"url":"https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"},{"url":"https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"},{"url":"https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"},{"url":"https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"},{"url":"https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"}],"title":"liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:56:26.420Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-39506","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:06:54.651829Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:47.871Z"}}]}}