CVE-2024-43835

virtio_net: Fix napi_skb_cache_put warning

Description

In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1 patch
https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa patch
https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783 patch
https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f patch
https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620 patch
https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa patch
https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd patch
https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab patch

Frequently Asked Questions

What is the severity of CVE-2024-43835?
CVE-2024-43835 has been scored as a medium severity vulnerability.
How to fix CVE-2024-43835?
To fix CVE-2024-43835, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-43835 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-43835 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-43835?
CVE-2024-43835 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.