CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-53240: xen/netfront: fix crash when removing device

Description

In the Linux kernel, the following vulnerability has been resolved:

xen/netfront: fix crash when removing device

When removing a netfront device directly after a suspend/resume cycle
it might happen that the queues have not been setup again, causing a
crash during the attempt to stop the queues another time.

Fix that by checking the queues are existing before trying to stop
them.

This is XSA-465 / CVE-2024-53240.

Classification

CVE ID: CVE-2024-53240

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.41% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f
https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7
https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88
https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d
https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09
https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c
https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8

Timeline

2024-12-25 00:30:36 UTC
CVE

xen/netfront: fix crash when removing device
2025-02-13 10:00:21 UTC
Tenable Plugins

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20100)