PT-2024-7857 · Linux+5 · Linux Kernel+5

Martin Zaharinov · Published 2024-03-14 · Updated 2025-03-27 · CVE-2024-27026

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 6.5.1

Description

The vulnerability is in the vmxnet3 component of the Linux kernel and stems from resource management errors in the `vmxnet3_process_xdp()` function. It can lead to a denial of service. The problem arises from a missing reserved tailroom, and it is fixed by using `rbi->len` instead of `rcd->len` for non-dataring packets. The functions involved are `xdp_do_redirect()`, `vmxnet3_run_xdp()`, and `vmxnet3_process_xdp()`, which indicates a complex interaction within the kernel's networking components.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the missing reserved tailroom in the vmxnet3 component. Specifically, ensure that the kernel version is later than 6.5.1, as this version and earlier are affected.

Note: The provided information does not specify the exact version where the fix is applied, so it is recommended to update to the latest available kernel version to ensure that the necessary patches are included.

Related Identifiers

BDU:2024-09359
CVE-2024-27026
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu