CVE-2024-40937

In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037	Patch
https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e	Patch
https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc	Patch
https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50	Patch
https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442	Patch
https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037	Patch
https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e	Patch
https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc	Patch
https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50	Patch
https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

History

06 Oct 2025, 20:52

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 -~~	() https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 - Patch
References	~~() https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e -~~	() https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e - Patch
References	~~() https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc -~~	() https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc - Patch
References	~~() https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 -~~	() https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 - Patch
References	~~() https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 -~~	() https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo

21 Nov 2024, 09:31

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gve: Borrar napi->skb antes de dev_kfree_skb_any() gve_rx_free_skb deja incorrectamente napi->skb haciendo referencia a un skb después de liberarlo con dev_kfree_skb_any(). Esto puede resultar en una llamada posterior a napi_get_frags que devuelva un puntero colgante. Solucione este problema borrando napi->skb antes de liberar el skb.
References	~~() https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 -~~	() https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 -
References	~~() https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e -~~	() https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e -
References	~~() https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc -~~	() https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc -
References	~~() https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 -~~	() https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 -
References	~~() https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 -~~	() https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 -

12 Jul 2024, 16:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 13:15

Updated : 2025-10-06 20:52

NVD link : CVE-2024-40937

Mitre link : CVE-2024-40937

CVE.ORG link : CVE-2024-40937

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10