Linux · Linux Kernel · CVE-2024-40937
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue arises from the `gve rx free skb` function incorrectly leaving `napi->skb` referencing an skb after it is freed with `dev kfree skb any()`. This can result in a subsequent call to `napi get frags` returning a dangling pointer. The fix involves clearing `napi->skb` before the skb is freed.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.