CVE-2024-53240

xen/netfront: fix crash when removing device

Description

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240.

N/A
CVSS
Severity:
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f
https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7
https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88
https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d
https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09
https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c
https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8
http://xenbits.xen.org/xsa/advisory-465.html

Frequently Asked Questions

What is the severity of CVE-2024-53240?
CVE-2024-53240 has not yet been assigned a CVSS score.
How to fix CVE-2024-53240?
To fix CVE-2024-53240, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53240 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53240 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53240?
CVE-2024-53240 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.