{"vulnerability": "CVE-2024-27431", "sightings": [{"uuid": "b7eba6a1-3a84-48c6-b391-183694e683b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27431", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2841", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27431\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncpumap: Zero-initialise xdp_rxq_info struct before running XDP program\n\nWhen running an XDP program that is attached to a cpumap entry, we don't\ninitialise the xdp_rxq_info data structure being used in the xdp_buff\nthat backs the XDP program invocation. Tobias noticed that this leads to\nrandom values being returned as the xdp_md->rx_queue_index value for XDP\nprograms running in a cpumap.\n\nThis means we're basically returning the contents of the uninitialised\nmemory, which is bad. Fix this by zero-initialising the rxq data\nstructure before running the XDP program.\n\ud83d\udccf Published: 2024-05-17T12:02:10.274Z\n\ud83d\udccf Modified: 2025-01-23T21:49:35.963Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297\n2. https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b\n3. https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95\n4. https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a\n5. https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6\n6. https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5", "creation_timestamp": "2025-01-23T22:03:39.000000Z"}]}