CVE-2024-40907

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.9.0

Description The vulnerability is caused by the ionic driver sending a packet to the TX path with an rx page and corresponding dma address in the XDP TX path. After the transmission is done, the ionic tx clean() function frees the page, but the RX ring buffer is not reset to NULL, resulting in the use of a freed page and causing a kernel panic. The issue is related to the ionic rx service() and ionic tx clean() functions.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the ionic driver. As a temporary workaround, consider disabling the ionic rx service() function until a patch is available. Restrict access to the vulnerable ionic module to minimize the risk of exploitation. Avoid using the dma address in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.