CVE-2024-57933

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, which guarded XSK operations on the existence of queues. If the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. The patch predicates the enabling and disabling of XSK pools on the existence of queues. Additionally, xsk wakeup needs to be guarded against queues disappearing while the function is executing, so a check against the GVE PRIV FLAGS NAPI ENABLED flag is added to synchronize with the disabling of the bit and the synchronize net() in gve turndown.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling XSK pool operations when the interface is down to prevent crashes. Restrict access to xsk wakeup to minimize the risk of exploitation. Avoid using the GVE PRIV FLAGS NAPI ENABLED flag in vulnerable configurations until the issue is resolved.