Linux Kernel GVE Driver XSK Pool Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's GVE driver related to the management of eXtra Socket (XSK) pools has been addressed. The issue arose because the enabling and disabling of XSK pools did not account for the existence of receive (RX) queues. If an interface was down, this oversight could lead to a crash, as the RX queue pointer would be NULL. The vulnerability has been resolved by ensuring that XSK pool registration occurs only when the interface is active. Additionally, the xsk_wakeup function has been modified to check for the availability of queues, preventing potential crashes when queues are removed while the function is running.

Impact

The vulnerability could cause a system crash by attempting to access a NULL pointer when an interface is down.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel GVE Driver XSK Pool Management Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating