{"id":"CVE-2024-39506","summary":"liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info-\u003epage is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t  octeon_droq_dispatch_pkt\n\t   octeon_create_recv_info\n\t    ...search in the dispatch_list...\n\t     -\u003edisp_fn(rdisp-\u003erinfo, ...)\n\t      lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info-\u003epage to NULL.\nSo this check looks unneeded and doesn't solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can't do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.","modified":"2026-04-02T12:17:03.204525Z","published":"2024-07-12T12:20:38.298Z","related":["ALSA-2024:7000","ALSA-2024:7001","SUSE-SU-2024:2892-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39506.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39506.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39506"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1f233f327913f3dee0602cba9c64df1903772b55"},{"fixed":"87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2"},{"fixed":"dcc7440f32c7a26b067aff6e7d931ec593024a79"},{"fixed":"cbf18d8128a753cb632bef39470d19befd9c7347"},{"fixed":"a86490a3712cc513113440a606a0e77130abd47c"},{"fixed":"f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee"},{"fixed":"fd2b613bc4c508e55c1221c6595bb889812a4fea"},{"fixed":"a6f4d0ec170a46b5f453cacf55dff5989b42bbfa"},{"fixed":"c44711b78608c98a3e6b49ce91678cd0917d5349"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39506.json"}}],"schema_version":"1.7.5"}