CVE-2024-56674

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0

Description A vulnerability in the Linux kernel has been resolved, related to the virtio net module. When virtnet close is followed by virtnet open, some TX completions can remain unconsumed, leading to a crash. The issue can be reproduced under heavy network TX load. The netdev tx reset queue() function can be dropped from the virtnet open path, and users can still reset stall max via sysfs.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for versions prior to 6.12.0, apply the patch that adds netdev tx reset queue() to the freeze/restore path, immediately after free unused bufs(). As a temporary workaround, consider disabling the virtnet open() function until a patch is available.