PT-2024-6596 · Linux+3 · Linux Kernel+3

Published

2024-05-05

Updated

2026-03-14

CVE-2024-42162

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the function gve get ethtool stats() in the Linux kernel's virtual network adapter driver, which is associated with incorrect data checking. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises when the NIC sends statistics for a subset of queues, potentially leading to an invalid access on the priv->stats report->stats array.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-10855

ALT-PU-2025-12647

BDU:2024-07742

CVE-2024-42162

ECHO-8F4F-BEBF-435A

OESA-2024-1960

OESA-2024-1961

OESA-2024-1962

OESA-2024-1964

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

Affected Products

Alt Linux

Debian

Linux Kernel

Suse

PT-2024-6596 · Linux+3 · Linux Kernel+3

CVE-2024-42162

Weakness Enumeration

Related Identifiers

Affected Products

References · 1339