CVE-2024-50094

MEDIUM 5.5

sfc: Don't invoke xdp_do_flush() from netpoll.

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp(). The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It is dedicated to allow driver to free TX resources, that it may have used while sending the packet. In the netpoll case the driver invokes xdp_do_flush() unconditionally, leading to crash because bpf_net_context was never assigned. Invoke xdp_do_flush() only if budget is not zero.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Nov 5, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

401cb7dae8130fd34eb84648e02ab4c506df7d5e < 65d4fc76d75c136744e67754d20feda609e7b793 401cb7dae8130fd34eb84648e02ab4c506df7d5e < 55e802468e1d38dec8e25a2fdb6078d45b647e8c

Linux / Linux

6.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/65d4fc76d75c136744e67754d20feda609e7b793 git.kernel.org: https://git.kernel.org/stable/c/55e802468e1d38dec8e25a2fdb6078d45b647e8c