CVE-2024-42134 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

virtio-pci: Check if is_avq is NULL

[bug]
In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq.

[fix]
Check whether it is vp_dev->is_avq before use.

[test]
Test with virsh Attach device Before this patch, the following command would crash the guest system

After applying the patch, everything seems to be working fine.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 08/28/2025

The vulnerability identified as CVE-2024-42134 represents a critical NULL pointer dereference issue within the Linux kernel's virtio-pci subsystem that specifically affects virtualized environments using legacy virtio PCI devices. This flaw exists in the vp_del_vqs function located within the virtio_pci_common.c source file, where the code attempts to access the vp_dev->is_avq member variable without proper validation of its existence. The vulnerability manifests when the system processes virtio PCI device operations, particularly during the deletion of virtqueue structures, where the code assumes that is_avq will always contain a valid reference to determine whether a virtqueue is an admin virtqueue.

The technical root cause stems from an incomplete initialization pattern within the virtio_pci_legacy driver implementation, where the is_avq member variable is not assigned a value during device setup. This creates a scenario where subsequent code paths that rely on this variable for decision-making operations will encounter a NULL pointer access, leading to immediate system crashes or kernel oops conditions. The vulnerability specifically targets the legacy virtio PCI implementation path rather than the modern virtio PCI drivers, making it particularly concerning for older virtualization environments or systems that have not been migrated to newer driver implementations. This flaw falls under the CWE-476 category of NULL Pointer Dereference, which represents a fundamental programming error where a null pointer is dereferenced without proper validation, leading to system instability and potential denial of service conditions.

The operational impact of this vulnerability extends beyond simple system crashes, as it can be exploited to cause complete virtual machine instability within cloud and containerized environments that rely heavily on virtio PCI device emulation. Attackers could potentially leverage this vulnerability to perform denial of service attacks against virtualized infrastructure, causing guest operating systems to crash and potentially affecting the availability of services running within those virtual machines. The vulnerability is particularly dangerous in multi-tenant cloud environments where a single compromised guest could potentially affect the stability of the entire hosting platform. According to ATT&CK framework category T1499, this vulnerability could be used for service disruption, while the specific technique T1059.001 related to command and scripting interpreter could be exploited if an attacker gains access to the guest system through other means. The issue affects systems running Linux kernel versions that include the affected virtio-pci implementation, particularly those using legacy virtio PCI device drivers in virtualized environments.

Mitigation strategies for this vulnerability should focus on immediate kernel updates that include the patch addressing the NULL pointer dereference in the vp_del_vqs function. System administrators should prioritize applying the relevant security patches to all virtualized environments, particularly those running legacy virtio PCI drivers. The fix implemented involves adding a simple null check before accessing the vp_dev->is_avq variable, which aligns with standard defensive programming practices recommended in secure coding guidelines. Organizations should also consider implementing monitoring solutions to detect anomalous behavior in virtualized environments that might indicate exploitation attempts. Additionally, virtualization administrators should review their deployment configurations to ensure that legacy virtio PCI drivers are only used where absolutely necessary, and that modern virtio drivers are preferred for better security posture and feature support. The vulnerability serves as a reminder of the importance of proper initialization and validation of all data structures in kernel space code, as even seemingly minor oversights can lead to critical system instability and security implications.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00198

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!