CVE-2024-42134

Published: Jul 30, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq. [fix] Check whether it is vp_dev->is_avq before use. [test] Test with virsh Attach device Before this patch, the following command would crash the guest system After applying the patch, everything seems to be working fine.

Vendor	Product	Versions
Linux	Linux	affected `fd27ef6b44bec26915c5b2b22c13856d9f0ba17a - < 5e2024b0b9b3d5709e3f7e9b92951d7e29154106` affected `fd27ef6b44bec26915c5b2b22c13856d9f0ba17a - < c8fae27d141a32a1624d0d0d5419d94252824498`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.9.9 - <= 6.9.` unaffected `6.10 - <= `

References

https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106

https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-42134

Description

Affected Products

References