{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-42083","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-29T15:50:41.170Z","datePublished":"2024-07-29T15:54:44.106Z","dateUpdated":"2025-05-04T09:22:36.572Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:22:36.572Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix kernel panic due to multi-buffer handling\n\nCurrently, the ionic_run_xdp() doesn't handle multi-buffer packets\nproperly for XDP_TX and XDP_REDIRECT.\nWhen a jumbo frame is received, the ionic_run_xdp() first makes xdp\nframe with all necessary pages in the rx descriptor.\nAnd if the action is either XDP_TX or XDP_REDIRECT, it should unmap\ndma-mapping and reset page pointer to NULL for all pages, not only the\nfirst page.\nBut it doesn't for SG pages. So, SG pages unexpectedly will be reused.\nIt eventually causes kernel panic.\n\nOops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25\nRIP: 0010:xdp_return_frame+0x42/0x90\nCode: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd <41> 80 7d0\nRSP: 0018:ffff99d00122ce08 EFLAGS: 00010202\nRAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001\nRDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49\nRBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000\nR10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010\nR13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0\nFS:  0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? die_addr+0x33/0x90\n ? exc_general_protection+0x251/0x2f0\n ? asm_exc_general_protection+0x22/0x30\n ? xdp_return_frame+0x42/0x90\n ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n __napi_poll.constprop.0+0x29/0x1b0\n net_rx_action+0x2c4/0x350\n handle_softirqs+0xf4/0x320\n irq_exit_rcu+0x78/0xa0\n common_interrupt+0x77/0x90"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/pensando/ionic/ionic_txrx.c"],"versions":[{"version":"5377805dc1c02ad3721a9256f0eef9b4813952e7","lessThan":"8ae401525ae84228a8986bb369224a6224e4d22f","status":"affected","versionType":"git"},{"version":"5377805dc1c02ad3721a9256f0eef9b4813952e7","lessThan":"e3f02f32a05009a688a87f5799e049ed6b55bab5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/pensando/ionic/ionic_txrx.c"],"versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","status":"unaffected","versionType":"semver"},{"version":"6.9.8","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.9.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8ae401525ae84228a8986bb369224a6224e4d22f"},{"url":"https://git.kernel.org/stable/c/e3f02f32a05009a688a87f5799e049ed6b55bab5"}],"title":"ionic: fix kernel panic due to multi-buffer handling","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:54:31.939Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/8ae401525ae84228a8986bb369224a6224e4d22f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e3f02f32a05009a688a87f5799e049ed6b55bab5","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-42083","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:19:03.633265Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:50.082Z"}}]}}