SB20240731128 - Infinite loop in Linux kernel pensando ionic driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20240731128
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2024-42071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ionic_tx_desc_unmap_bufs(), ionic_tx_napi(), ionic_txrx_napi(), ionic_tx_clean(), ionic_tx_service(), ionic_tx_cq_service(), ionic_tx_flush() and ionic_tx_empty() functions in drivers/net/ethernet/pensando/ionic/ionic_txrx.c, within the ionic_adminq_napi() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.