Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2024-42162 | Mondoo Vulnerability Intelligence

CVE-2024-42162

HIGH7.0

gve: Account for stopped queues when reading NIC stats

Published Jul 30, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

gve: Account for stopped queues when reading NIC stats

We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.

References

WEBhttps://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62 WEBhttps://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-42162

CVSS Analysis

CVSS v3.1

7.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJul 30, 2024

ModifiedMay 21, 2025