
CVE-2024-58099: Vulnerability in the Linux kernel (vmxnet3 driver)

High
Published: Tue Apr 29 2025 (04/29/2025, 11:45:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame

Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as IPIP and transmits the packet out the same interface, then in case of vmxnet3 a corrupted packet is being sent and subsequently dropped on the path.

vmxnet3_xdp_xmit_frame(), which is called e.g. via vmxnet3_run_xdp() through vmxnet3_xdp_xmit_back(), calculates an incorrect DMA address:

    page = virt_to_page(xdpf->data);
    tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_HEADROOM;
    dma_sync_single_for_device(&adapter->pdev->dev, tbi->dma_addr, buf_size, DMA_TO_DEVICE);

The above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP BPF program could have moved xdp->data. While the passed buf_size is correct (xdpf->len), the dma_addr needs to have a dynamic offset which can be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - xdp->data_hard_start.

AI-Powered Analysis

AI analysis last updated: 06/28/2025, 06:10:58 UTC

Technical Analysis

CVE-2024-58099 is a vulnerability identified in the Linux kernel's vmxnet3 network driver, specifically affecting the handling of packet transmission when using eXpress Data Path (XDP) programs that add encapsulation headers such as IP-in-IP (IPIP). The issue arises in the vmxnet3_xdp_xmit_frame() function, which is responsible for transmitting packets through the vmxnet3 interface. The vulnerability is due to an incorrect calculation of the Direct Memory Access (DMA) address used for packet transmission. The function assumes a fixed offset (VMXNET3_XDP_HEADROOM) when calculating the DMA address, but this assumption is invalid if the XDP program modifies the packet data pointer (xdp->data). This results in the DMA address pointing to an incorrect memory location, causing packet corruption. Consequently, corrupted packets are sent and subsequently dropped along the network path, leading to connectivity issues. This problem was reported in the context of Cilium's service load-balancing functionality when used with vmxnet3 interfaces. The root cause is a mismatch between the dynamic offset of the packet data after XDP processing and the static offset used in the DMA address calculation. The fix requires adjusting the DMA address calculation to account for the dynamic offset, specifically by computing the offset as the difference between xdp->data and xdp->data_hard_start, ensuring the correct memory region is referenced for DMA operations. This vulnerability affects Linux kernel versions containing the vmxnet3 driver with the described behavior and impacts environments where native XDP programs perform encapsulation and transmit packets on vmxnet3 interfaces.
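The following is an added illustration, not kernel code or code from the advisory: it models the page's DMA-offset bug in user space. A struct xdp_frame sits at data_hard_start of a simulated page, a BPF program is assumed to have prepended an IPIP header by moving data back, and the two address calculations from the description (fixed VMXNET3_XDP_HEADROOM offset versus xdpf->data - (void *)xdpf) are compared against the true packet start. Headroom size, page DMA base and IPIP length are constructed placeholder values.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins: the real driver's headroom and DMA mapping differ. */
#define XDP_HEADROOM  256u          /* models VMXNET3_XDP_HEADROOM */
#define PAGE_SZ       4096u
#define PAGE_DMA_BASE 0x10000000UL  /* pretend bus address of the page */
#define IPIP_HDR_LEN  20u

/* Minimal model of struct xdp_frame; like the kernel's, it sits at data_hard_start. */
struct xdp_frame {
    void *data;    /* start of the packet inside the same page */
    unsigned len;  /* bytes to transmit (what the driver passes as buf_size) */
};

static unsigned char page[PAGE_SZ];  /* simulated RX page backing the frame */

/* Model a BPF program that prepended `prepend` bytes via xdp_adjust_head(-prepend).
 * Returns NULL if the move would overrun the headroom (the kernel rejects such moves). */
static struct xdp_frame *build_frame(unsigned prepend, unsigned payload_len) {
    struct xdp_frame *xdpf = (struct xdp_frame *)page;
    if (prepend + sizeof(*xdpf) > XDP_HEADROOM)
        return NULL;
    xdpf->data = page + XDP_HEADROOM - prepend;
    xdpf->len = payload_len + prepend;
    return xdpf;
}

/* Buggy calculation from the advisory: fixed VMXNET3_XDP_HEADROOM offset. */
static uintptr_t dma_addr_fixed(const struct xdp_frame *xdpf) {
    (void)xdpf;
    return PAGE_DMA_BASE + XDP_HEADROOM;
}

/* Corrected calculation: offset = xdpf->data - (void *)xdpf (data - data_hard_start). */
static uintptr_t dma_addr_dynamic(const struct xdp_frame *xdpf) {
    return PAGE_DMA_BASE +
           (uintptr_t)((const unsigned char *)xdpf->data - (const unsigned char *)xdpf);
}

/* How many bytes the address handed to the NIC is from the true packet start; 0 is correct. */
static long dma_skew(uintptr_t dma_addr, const struct xdp_frame *xdpf) {
    uintptr_t truth = PAGE_DMA_BASE + (uintptr_t)((const unsigned char *)xdpf->data - page);
    return (long)(dma_addr - truth);
}
```

With a 20-byte IPIP header prepended, the fixed offset makes the device start 20 bytes into the packet (dropping the encapsulation header and reading 20 stale bytes past its end), while the dynamic offset lands exactly on xdp->data.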

Potential Impact

For European organizations, the impact of CVE-2024-58099 can be significant, particularly for those relying on Linux-based virtualized environments using VMware's vmxnet3 network driver and employing advanced networking features such as XDP for packet processing and service load balancing (e.g., Cilium). The vulnerability leads to packet corruption and dropped packets, which can degrade network connectivity, disrupt service availability, and impair load balancing mechanisms. This can affect critical infrastructure, cloud service providers, and enterprises using container orchestration platforms that leverage XDP for performance optimization. The loss of connectivity or degraded network performance can impact business operations, cause downtime, and reduce the reliability of networked applications. While the vulnerability does not appear to allow direct code execution or privilege escalation, the disruption of network traffic can indirectly affect confidentiality and integrity by causing retransmissions, failovers, or fallback to less secure paths. Additionally, environments with strict network performance requirements or real-time data flows may experience operational challenges. Since the vulnerability requires the use of native XDP programs with encapsulation and vmxnet3 interfaces, its impact is scoped but critical for affected deployments.

Mitigation Recommendations

To mitigate CVE-2024-58099, European organizations should:

1) Apply the official Linux kernel patches that correct the DMA address calculation in the vmxnet3_xdp_xmit_frame() function, ensuring the dynamic offset of xdp->data is properly accounted for.
2) Review and test any native XDP programs that add encapsulation headers (such as IPIP) and transmit packets on vmxnet3 interfaces to verify compatibility with patched kernels.
3) Temporarily disable or avoid using XDP programs that perform encapsulation and transmit on vmxnet3 interfaces until patches are applied.
4) Monitor network traffic for signs of packet corruption or drops in environments using vmxnet3 and XDP, using network performance monitoring tools and logs.
5) Coordinate with VMware and Linux distribution vendors to obtain updated kernel packages and ensure timely deployment in production environments.
6) For container orchestration platforms like Kubernetes using Cilium, verify that the service load balancing functionality is tested post-patch to confirm resolution of connectivity issues.
7) Implement network redundancy and failover mechanisms to minimize impact during patch deployment or if packet loss occurs.

These steps go beyond generic advice by focusing on the specific interaction between XDP encapsulation, vmxnet3 driver behavior, and the need for dynamic DMA address calculation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-03-06T15:52:09.189Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9822c4522896dcbde395

Added to database: 5/21/2025, 9:08:50 AM

Last enriched: 6/28/2025, 6:10:58 AM

Last updated: 7/30/2025, 3:42:23 AM

Views: 15
