CVE-2024-39506— liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
Affected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1f233f327913f3dee0602cba9c64df1903772b55< 87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2 | affected |
1f233f327913f3dee0602cba9c64df1903772b55< dcc7440f32c7a26b067aff6e7d931ec593024a79 | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< cbf18d8128a753cb632bef39470d19befd9c7347 | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< a86490a3712cc513113440a606a0e77130abd47c | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< fd2b613bc4c508e55c1221c6595bb889812a4fea | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< a6f4d0ec170a46b5f453cacf55dff5989b42bbfa | affected | ||
1f233f327913f3dee0602cba9c64df1903772b55< c44711b78608c98a3e6b49ce91678cd0917d5349 | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-39506
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag() which looks strange and could lead to null pointer dereference. lio_vf_rep_copy_packet() call trace looks like: octeon_droq_process_packets octeon_droq_fast_process_packets octeon_droq_dispatch_pkt octeon_create_recv_info ...search in the dispatch_list... ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. Based on this, I consider the most acceptable compromise solution to adjust this issue by moving skb_add_rx_frag() into conditional scope. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 liquidio 组件在 lio_vf_rep_copy_packet 函数中存在空指针处理路径问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-39506
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-39506
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-07-12 · 122 CVEs total
| CVE-2024-40960 | ipv6: prevent possible NULL dereference in rt6_probe() | |
| CVE-2024-40975 | platform/x86: x86-android-tablets: Unregister devices in reverse order | |
| CVE-2024-40974 | powerpc/pseries: Enforce hcall result buffer validity and size | |
| CVE-2024-40973 | media: mtk-vcodec: potential null pointer deference in SCP | |
| CVE-2024-40972 | ext4: do not create EA inode under buffer lock | |
| CVE-2024-40970 | Avoid hw_desc array overrun in dw-axi-dmac | |
| CVE-2024-40971 | f2fs: remove clear SB_INLINECRYPT flag in default_options | |
| CVE-2024-40969 | f2fs: don't set RO when shutting down f2fs | |
| CVE-2024-40967 | serial: imx: Introduce timeout when waiting on transmitter empty | |
| CVE-2024-40968 | MIPS: Octeon: Add PCIe link status check | |
| CVE-2024-40966 | tty: add the option to have a tty reject a new ldisc | |
| CVE-2024-40965 | i2c: lpi2c: Avoid calling clk_get_rate during transfer | |
| CVE-2024-40964 | ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() | |
| CVE-2024-40963 | mips: bmips: BCM6358: make sure CBR is correctly set | |
| CVE-2024-40961 | ipv6: prevent possible NULL deref in fib6_nh_init() | |
| CVE-2024-40962 | btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes | |
| CVE-2024-40951 | ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() | |
| CVE-2024-40950 | mm: huge_memory: fix misused mapping_large_folio_support() for anon folios | |
| CVE-2024-40949 | mm: shmem: fix getting incorrect lruvec when replacing a shmem folio | |
| CVE-2024-40952 | ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() |
Showing top 20 of 122 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2024-39506
No comments yet