{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40937", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.584Z", "datePublished": "2024-07-12T12:25:13.807Z", "dateUpdated": "2025-05-04T09:18:20.359Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:20.359Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi->skb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi->skb before the skb is freed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_rx_dqo.c"], "versions": [{"version": "9b8dd5e5ea48bbb7532d20c4093a79d8283e4029", "lessThan": "75afd8724739ee5ed8165acde5f6ac3988b485cc", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48bbb7532d20c4093a79d8283e4029", "lessThan": "d221284991118c0ab16480b53baecd857c0bc442", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48bbb7532d20c4093a79d8283e4029", "lessThan": "2ce5341c36993b776012601921d7688693f8c037", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48bbb7532d20c4093a79d8283e4029", "lessThan": "a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48bbb7532d20c4093a79d8283e4029", "lessThan": "6f4d93b78ade0a4c2cafd587f7b429ce95abb02e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_rx_dqo.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc"}, {"url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442"}, {"url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037"}, {"url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50"}, {"url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e"}], "title": "gve: Clear napi->skb before dev_kfree_skb_any()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.542Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:39.753649Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:26.574Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40937", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.584Z", "datePublished": "2024-07-12T12:25:13.807Z", "dateUpdated": "2024-08-02T04:39:55.542Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:48.895Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi->skb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi->skb before the skb is freed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_rx_dqo.c"], "versions": [{"version": "9b8dd5e5ea48", "lessThan": "75afd8724739", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48", "lessThan": "d22128499111", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48", "lessThan": "2ce5341c3699", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48", "lessThan": "a68184d5b420", "status": "affected", "versionType": "git"}, {"version": "9b8dd5e5ea48", "lessThan": "6f4d93b78ade", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_rx_dqo.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc"}, {"url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442"}, {"url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037"}, {"url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50"}, {"url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e"}], "title": "gve: Clear napi->skb before dev_kfree_skb_any()", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:39.753649Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:22.811Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A48FD5B-D0CA-4E4C-8D52-9395CBE79191", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi->skb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi->skb before the skb is freed."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gve: Borrar napi->skb antes de dev_kfree_skb_any() gve_rx_free_skb deja incorrectamente napi->skb haciendo referencia a un skb despu\u00e9s de liberarlo con dev_kfree_skb_any(). Esto puede resultar en una llamada posterior a napi_get_frags que devuelva un puntero colgante. Solucione este problema borrando napi->skb antes de liberar el skb."}], "id": "CVE-2024-40937", "lastModified": "2025-10-06T20:52:20.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:16.187", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: gve: Clear napi->skb before dev_kfree_skb_any()", "id": "2297521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297521"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ngve: Clear napi->skb before dev_kfree_skb_any()\ngve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\nFix this by clearing napi->skb before the skb is freed."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40937", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40937\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40937\nhttps://lore.kernel.org/linux-cve-announce/2024071217-CVE-2024-40937-fecf@gregkh/T"], "threat_severity": "Moderate"}