PT-2024-35656 · Linux+7 · Linux Kernel+7

Published 2024-11-22 · Updated 2026-03-13 · CVE-2024-53209

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-226bf9805506

Description

The issue is related to the Linux kernel, specifically the bnxt_en driver. When XDP is active, the MTU setting determines whether the aggregation ring will be used and which rx_skb_func handler is installed. If the MTU is later changed, the aggregation ring setting may need to be changed, and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in random memory corruption and crashes as the HW may DMA data larger than the allocated buffer size.

Recommendations

To address the issue, call bnxt_set_rx_skb_mode() within bnxt_change_mtu() to properly set the AGG rings configuration and update rx_skb_func based on the new MTU value. Additionally, BNXT_FLAG_NO_AGG_RINGS should be cleared at the beginning of bnxt_set_rx_skb_mode() to make sure it gets set or cleared based on the current MTU.

Note: The provided information does not specify the exact version that contains the fix for this issue. Therefore, it is recommended to update to the latest version of the Linux kernel to ensure you have the latest security patches.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
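
The state desync described above, as an added C model; it is not the bnxt_en driver code or the upstream patch. The struct, the `model_` functions and the `MODEL_PAGE_MODE_MAX_MTU` value are assumptions made for illustration only.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the ring-mode state, not kernel code. */
#define MODEL_PAGE_MODE_MAX_MTU 4000u /* constructed: largest MTU that fits one RX buffer */
#define FLAG_NO_AGG_RINGS 0x1u        /* stands in for BNXT_FLAG_NO_AGG_RINGS */

struct model_nic { unsigned mtu; unsigned flags; bool xdp_active; };

/* Models bnxt_set_rx_skb_mode(): derive the AGG ring setting from the current MTU. */
static void model_set_rx_skb_mode(struct model_nic *n)
{
    n->flags &= ~FLAG_NO_AGG_RINGS;    /* clear first so a stale flag cannot survive */
    if (n->xdp_active && n->mtu <= MODEL_PAGE_MODE_MAX_MTU)
        n->flags |= FLAG_NO_AGG_RINGS; /* packet fits one buffer, no AGG ring needed */
}

/* Models bnxt_change_mtu(); 'fixed' selects whether the ring mode is recomputed. */
static void model_change_mtu(struct model_nic *n, unsigned new_mtu, bool fixed)
{
    n->mtu = new_mtu;
    if (fixed)
        model_set_rx_skb_mode(n);
}

/* True when AGG rings are disabled although the MTU no longer fits one buffer. */
static bool model_out_of_sync(const struct model_nic *n)
{
    return (n->flags & FLAG_NO_AGG_RINGS) && n->mtu > MODEL_PAGE_MODE_MAX_MTU;
}

/* XDP attached at MTU 1500, then the MTU is raised to 9000; returns the stale-state check. */
static bool model_scenario(bool fixed)
{
    struct model_nic n = { .mtu = 1500, .flags = 0, .xdp_active = true };
    model_set_rx_skb_mode(&n);
    model_change_mtu(&n, 9000, fixed);
    return model_out_of_sync(&n);
}

int main(void)
{
    printf("without recompute, out of sync: %d\n", model_scenario(false));
    printf("with recompute, out of sync:    %d\n", model_scenario(true));
    return 0;
}
```

In the model, the stale combination (AGG rings disabled while the MTU exceeds a single buffer) is the condition under which the description says the hardware may DMA more data than the allocated buffer holds.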

Exploit

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-57917
BDU:2025-12226
CVE-2024-53209
DLA-4271-1
DSA-5925-1
ECHO-F087-012B-FE16
OESA-2025-1093
OESA-2025-1097
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0577-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu