CVE-2024-53240

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7	Patch
https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f	Patch
https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88	Patch
https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c	Patch
https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d	Patch
https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8	Patch
https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09	Patch
http://xenbits.xen.org/xsa/advisory-465.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:-::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::

History

No history.

Information

Published : 2024-12-24 10:15

Updated : 2025-11-03 21:17

NVD link : CVE-2024-53240

Mitre link : CVE-2024-53240

CVE.ORG link : CVE-2024-53240

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-53240", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-12-24T10:15:06.460", "references": [{"url": "https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "http://xenbits.xen.org/xsa/advisory-465.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: fix crash when removing device\n\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been setup again, causing a\ncrash during the attempt to stop the queues another time.\n\nFix that by checking the queues are existing before trying to stop\nthem.\n\nThis is XSA-465 / CVE-2024-53240."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/netfront: se corrige un fallo al eliminar un dispositivo Al eliminar un dispositivo netfront directamente despu\u00e9s de un ciclo de suspensi\u00f3n/reanudaci\u00f3n, puede suceder que las colas no se hayan configurado nuevamente, lo que provoca un fallo durante el intento de detener las colas otra vez. Solucione esto comprobando que las colas existen antes de intentar detenerlas. Esto es XSA-465 / CVE-2024-53240."}], "lastModified": "2025-11-03T21:17:45.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF86F5FB-C86B-4ADF-BD5F-80CC895EC3E3", "versionEndExcluding": "4.20", "versionStartIncluding": "4.19.269"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10CAF584-F39C-4858-9A4B-025D2F04FA34", "versionEndExcluding": "5.4.288", "versionStartIncluding": "5.4.227"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74493AB6-688D-4459-A015-5D9C529A5F27", "versionEndExcluding": "5.10.232", "versionStartIncluding": "5.10.159"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5493BFB1-C22A-4ECB-A0C0-DF6F7E346895", "versionEndExcluding": "5.15.175", "versionStartIncluding": "5.15.83"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C65D1427-AD73-4816-99C2-B48257C98DD4", "versionEndExcluding": "6.1", "versionStartIncluding": "6.0.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99CE3BE5-71D3-451A-88EE-12D9069C902B", "versionEndExcluding": "6.1.121", "versionStartIncluding": "6.1.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A", "versionEndExcluding": "6.6.67", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5", "versionEndExcluding": "6.12.6", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}