What is the severity of CVE-2024-42291?

CVE-2024-42291 has a critical severity level due to the potential for denial of service through resource exhaustion.

How do I fix CVE-2024-42291?

You can fix CVE-2024-42291 by upgrading to the patched versions of the Linux kernel listed in the vulnerability report.

Which Linux kernel versions are affected by CVE-2024-42291?

The affected versions include several releases before the patches were applied, specifically versions prior to 5.10.223-1, 5.10.226-1, 6.1.119-1, and 6.12.11-1.

Who is affected by CVE-2024-42291?

Users of the affected Linux kernel versions, particularly those utilizing the iavf driver for virtual functions, are at risk from CVE-2024-42291.

Is there a workaround for CVE-2024-42291?

There are no recommended workarounds for CVE-2024-42291; upgrading to the fixed versions is necessary to mitigate the vulnerability.

Vulnerability/
CVE-2024-42291

17/8/2024

19/12/2024

CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters

First published: Sat Aug 17 2024(Updated: 4 months ago)

In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
debian/linux		5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1
debian/linux-6.1		6.1.129-1~deb11u1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-42291?
CVE-2024-42291 has a critical severity level due to the potential for denial of service through resource exhaustion.
How do I fix CVE-2024-42291?
You can fix CVE-2024-42291 by upgrading to the patched versions of the Linux kernel listed in the vulnerability report.
Which Linux kernel versions are affected by CVE-2024-42291?
The affected versions include several releases before the patches were applied, specifically versions prior to 5.10.223-1, 5.10.226-1, 6.1.119-1, and 6.12.11-1.
Who is affected by CVE-2024-42291?
Users of the affected Linux kernel versions, particularly those utilizing the iavf driver for virtual functions, are at risk from CVE-2024-42291.
Is there a workaround for CVE-2024-42291?
There are no recommended workarounds for CVE-2024-42291; upgrading to the fixed versions is necessary to mitigate the vulnerability.

agent/severity
agent/title
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
collector/nvd-cve
agent/author
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
collector/usn-cve
source/Ubuntu
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/source
agent/tags
agent/description
agent/softwarecombine
agent/event
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.