PT-2024-29727 · Linux+2 · Linux Kernel+2
Shannon Nelson · Published 2024-06-24 · Updated 2025-10-03 · CVE-2024-42071
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.10.0-rc3-netnext+
Description
The issue arises when the ionic_tx_clean() function calls napi_consume_skb(), which in turn calls napi_skb_cache_put(). The problem occurs because napi_consume_skb() is called from a context that is not a NAPI softirq context. To signal that it is not in a safe context, napi_consume_skb() should be called with a budget of 0. The vulnerability was discovered during configuration stress testing of traffic and a change queue config loop. The DEBUG_NET_WARN_ON_ONCE(!in_softirq()) note and the comment /* Zero budget indicate non-NAPI context called us, like netpoll */ indicate that the current implementation is incorrect.
Recommendations
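The budget-0 signalling described above, and the context hint the recommendation calls for, modelled in user-space C as an added example (not the ionic driver's or the kernel's code). The function bodies are simplified stand-ins, the sk_buff objects are constructed, and the in_napi parameter and clean_pending() helper are assumed names.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model: names mirror the kernel's, bodies are simplified stand-ins. */
struct sk_buff { int id; };

static bool in_softirq_ctx;    /* stands in for in_softirq() */
static int unsafe_cache_puts;  /* NAPI-only cache touched outside softirq */
static int direct_frees;       /* skbs released without touching the cache */

static void napi_skb_cache_put(struct sk_buff *skb)
{
    if (!in_softirq_ctx)       /* models DEBUG_NET_WARN_ON_ONCE(!in_softirq()) */
        unsafe_cache_puts++;
    free(skb);
}

static void napi_consume_skb(struct sk_buff *skb, int budget)
{
    if (!budget) {             /* zero budget: non-NAPI caller, skip the cache */
        direct_frees++;
        free(skb);
        return;
    }
    napi_skb_cache_put(skb);
}

/* Before: the clean routine always claims NAPI context. */
static void tx_clean_unhinted(struct sk_buff *skb) { napi_consume_skb(skb, 1); }

/* After: the caller states its context (in_napi is a hypothetical name). */
static void tx_clean_hinted(struct sk_buff *skb, bool in_napi)
{
    napi_consume_skb(skb, in_napi ? 1 : 0);
}

/* Clean n constructed skbs; returns how many hit the cache outside softirq. */
int clean_pending(int n, bool softirq, bool hinted)
{
    in_softirq_ctx = softirq;
    unsafe_cache_puts = direct_frees = 0;
    for (int i = 0; i < n; i++) {
        struct sk_buff *skb = calloc(1, sizeof(*skb));
        if (!skb) return -1;
        if (hinted)
            tx_clean_hinted(skb, softirq);
        else
            tx_clean_unhinted(skb);
    }
    return unsafe_cache_puts;
}
```

Calling clean_pending(n, false, false) models the queue-reconfiguration path from the description: every skb reaches the cache outside softirq, while the hinted variant frees each one directly.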
To resolve the issue, pass a context hint down through the calls to let ionic_tx_clean() know what is being done, so it can call napi_consume_skb() correctly. As a temporary workaround, consider disabling the ionic_tx_clean() function until a patch is available. Restrict access to the napi_consume_skb() function to minimize the risk of exploitation. Avoid using the budget parameter in the affected napi_consume_skb() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linux Kernel