2331325 – (CVE-2024-53240) CVE-2024-53240 kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465)

Bug 2331325 (CVE-2024-53240) - CVE-2024-53240 kernel: xen: netfront: Backend can crash Linux netfront (Xen Security Advisory 465)

Summary: CVE-2024-53240 kernel: xen: netfront: Backend can crash Linux netfront (Xen S...

Keywords:
Status:	NEW
Alias:	CVE-2024-53240
Deadline:	2024-12-17
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-10 09:22 UTC by OSIDB Bzimport
Modified:	2024-12-18 00:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-12-10 09:22:05 UTC

After a suspend/resume cycle of a Linux guest (e.g. via "virsh dompmsuspend"/ "virsh dompmwakeup") a malicious network backend can crash the guest via a NULL-pointer dereference in the guest's xen-netfront driver.

During the resume operation the xen-netfront driver will release some data structures used for communication with the backend, in order to reallocate these data structures with possibly different parameters specified by the backend. If the backend is triggering a network device removal in the guest before any network I/O has happened, the NULL-pointer dereference may happen, causing a crash of the guest.

Note You need to log in before you can comment on or make changes to this bug.