PT-2025-18140 · Linux+4 · Linux Kernel+4

Published

2025-04-29

·

Updated

2025-10-03

·

CVE-2024-58099

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, specifically in the vmxnet3 module. The issue caused packet corruption when a BPF program for native XDP added an encapsulation header and transmitted the packet out the same interface. This resulted in corrupted packets being sent and subsequently dropped. The problem occurred because the vmxnet3 xdp xmit frame() function calculated an incorrect DMA address, assuming a fixed offset. The XDP BPF program could have moved xdp->data, requiring a dynamic offset calculation.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the packet corruption in vmxnet3. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2025-12647
BDU:2026-06041
CVE-2024-58099
INFSA-2025_6966
OESA-2025-1463
RHSA-2025:6966
RHSA-2025:9584
RHSA-2025_6966
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Hat
Suse