{"id":"CVE-2024-53092","summary":"virtio_pci: Fix admin vq cleanup by using correct info pointer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pci: Fix admin vq cleanup by using correct info pointer\n\nvp_modern_avq_cleanup() and vp_del_vqs() clean up admin vq\nresources by virtio_pci_vq_info pointer. The info pointer of admin\nvq is stored in vp_dev-\u003eadmin_vq.info instead of vp_dev-\u003evqs[].\nUsing the info pointer from vp_dev-\u003evqs[] for admin vq causes a\nkernel NULL pointer dereference bug.\nIn vp_modern_avq_cleanup() and vp_del_vqs(), get the info pointer\nfrom vp_dev-\u003eadmin_vq.info for admin vq to clean up the resources.\nAlso make info ptr as argument of vp_del_vq() to be symmetric with\nvp_setup_vq().\n\nvp_reset calls vp_modern_avq_cleanup, and causes the Call Trace:\n==================================================================\nBUG: kernel NULL pointer dereference, address:0000000000000000\n...\nCPU: 49 UID: 0 PID: 4439 Comm: modprobe Not tainted 6.11.0-rc5 #1\nRIP: 0010:vp_reset+0x57/0x90 [virtio_pci]\nCall Trace:\n \u003cTASK\u003e\n...\n ? vp_reset+0x57/0x90 [virtio_pci]\n ? vp_reset+0x38/0x90 [virtio_pci]\n virtio_reset_device+0x1d/0x30\n remove_vq_common+0x1c/0x1a0 [virtio_net]\n virtnet_remove+0xa1/0xc0 [virtio_net]\n virtio_dev_remove+0x46/0xa0\n...\n virtio_pci_driver_exit+0x14/0x810 [virtio_pci]\n==================================================================","modified":"2026-04-02T12:22:48.144323Z","published":"2024-11-21T18:17:09.045Z","related":["USN-7276-1","USN-7277-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53092.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/018d3d4ad4be7fbc95d8a2367642a32d21df55c7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/97ee04feb682c906a1fa973ebe586fe91567d165"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53092.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53092"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4c3b54af907e709609d3d8beca92d65e2f0cfd83"},{"fixed":"018d3d4ad4be7fbc95d8a2367642a32d21df55c7"},{"fixed":"97ee04feb682c906a1fa973ebe586fe91567d165"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53092.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}