Bug 2331325 (CVE-2024-53240)

Summary: CVE-2024-53240 kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465)
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2024-12-17   

Description OSIDB Bzimport 2024-12-10 09:22:05 UTC 
After a suspend/resume cycle of a Linux guest (e.g. via "virsh dompmsuspend"/ "virsh dompmwakeup") a malicious network backend can crash the guest via a NULL-pointer dereference in the guest's xen-netfront driver.

During the resume operation the xen-netfront driver will release some data structures used for communication with the backend, in order to reallocate these data structures with possibly different parameters specified by the backend. If the backend is triggering a network device removal in the guest before any network I/O has happened, the NULL-pointer dereference may happen, causing a crash of the guest.