What is the severity of CVE-2024-58099?

CVE-2024-58099 has been rated with a high severity due to its impact on packet corruption in the Linux kernel.

How do I fix CVE-2024-58099?

To fix CVE-2024-58099, it is recommended to update to the latest version of the Linux kernel where this vulnerability has been resolved.

What impact does CVE-2024-58099 have on vmxnet3?

CVE-2024-58099 causes packet corruption issues in vmxnet3, affecting service load-balancing functionalities.

Who reported the issues related to CVE-2024-58099?

The connectivity issues with Cilium's service load-balancing related to CVE-2024-58099 were reported by Andrew and Nikolay.

What is the affected component in CVE-2024-58099?

The affected component in CVE-2024-58099 is the vmxnet3 driver within the Linux kernel.

Vulnerability/
CVE-2024-58099

29/4/2025

CVE-2024-58099: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame

First published: Tue Apr 29 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as IPIP and transmits the packet out the same interface, then in case of vmxnet3 a corrupted packet is being sent and subsequently dropped on the path. vmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp() through vmxnet3_xdp_xmit_back() calculates an incorrect DMA address: page = virt_to_page(xdpf->data); tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_HEADROOM; dma_sync_single_for_device(&adapter->pdev->dev, tbi->dma_addr, buf_size, DMA_TO_DEVICE); The above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP BPF program could have moved xdp->data. While the passed buf_size is correct (xdpf->len), the dma_addr needs to have a dynamic offset which can be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - xdp->data_hard_start.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-58099?
CVE-2024-58099 has been rated with a high severity due to its impact on packet corruption in the Linux kernel.
How do I fix CVE-2024-58099?
To fix CVE-2024-58099, it is recommended to update to the latest version of the Linux kernel where this vulnerability has been resolved.
What impact does CVE-2024-58099 have on vmxnet3?
CVE-2024-58099 causes packet corruption issues in vmxnet3, affecting service load-balancing functionalities.
Who reported the issues related to CVE-2024-58099?
The connectivity issues with Cilium's service load-balancing related to CVE-2024-58099 were reported by Andrew and Nikolay.
What is the affected component in CVE-2024-58099?
The affected component in CVE-2024-58099 is the vmxnet3 driver within the Linux kernel.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/first-publish-date
agent/description
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/source
agent/last-modified-date
agent/tags
agent/event
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.