CVE-2024-35981

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description There is a bug in the Linux kernel when setting the RSS options in virtio net that can break the whole machine, getting the kernel into an infinite loop. This issue can be reproduced by running the command # ethtool -X eth0 hfunc toeplitz in any QEMU virtual machine with virtionet. The problem occurs because the virtnet commit rss command() function populates 4 entries for the rss scatter-gather, and since the command above does not have a key, the last scatter-gather entry will be zeroed. This buffer is then passed to qemu, which is not happy with a buffer with zero length, resulting in an error. The kernel is waiting for the response to come back, but qemu has bailed out, causing the kernel to loop forever.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.