vulnerability

Red Hat: CVE-2024-57843: kernel: virtio-net: fix overflow inside virtnet_rq_alloc (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jan 11, 2025	May 15, 2025	Jul 9, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jan 11, 2025

Added

May 15, 2025

Modified

Jul 9, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix overflow inside virtnet_rq_alloc

When the frag just got a page, then may lead to regression on VM.
Specially if the sysctl net.core.high_order_alloc_disable value is 1,
then the frag always get a page when do refill.

Which could see reliable crashes or scp failure (scp a file 100M in size
to VM).

The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning
of a new frag. When the frag size is larger than PAGE_SIZE,
everything is fine. However, if the frag is only one page and the
total size of the buffer and virtnet_rq_dma is larger than one page, an
overflow may occur.

The commit f9dac92ba908 ("virtio_ring: enable premapped mode whatever
use_dma_api") introduced this problem. And we reverted some commits to
fix this in last linux version. Now we try to enable it and fix this
bug directly.

Here, when the frag size is not enough, we reduce the buffer len to fix
this problem.

Solution(s)

no-fix-redhat-rpm-packageredhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today