{"uuid": "433e5e63-7154-4730-ba43-59ebafa961c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-58099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame\n\nAndrew and Nikolay reported connectivity issues with Cilium's service\nload-balancing in case of vmxnet3.\n\nIf a BPF program for native XDP adds an encapsulation header such as\nIPIP and transmits the packet out the same interface, then in case\nof vmxnet3 a corrupted packet is being sent and subsequently dropped\non the path.\n\nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()\nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:\n\n  page = virt_to_page(xdpf->data);\n  tbi->dma_addr = page_pool_get_dma_addr(page) +\n                  VMXNET3_XDP_HEADROOM;\n  dma_sync_single_for_device(&adapter->pdev->dev,\n                             tbi->dma_addr, buf_size,\n                             DMA_TO_DEVICE);\n\nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP\nBPF program could have moved xdp->data. While the passed buf_size is\ncorrect (xdpf->len), the dma_addr needs to have a dynamic offset which\ncan be calculated as xdpf->data - (void *)xdpf, that is, xdp->data -\nxdp->data_hard_start.\n\ud83d\udccf Published: 2025-04-29T11:45:30.997Z\n\ud83d\udccf Modified: 2025-04-29T11:45:30.997Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/59ba6cdadb9c26b606a365eb9c9b25eb2052622d\n2. https://git.kernel.org/stable/c/f82eb34fb59a8fb96c19f4f492c20eb774140bb5\n3. https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782", "creation_timestamp": "2025-04-29T12:12:30.000000Z"}