What is CVE-2024-27431?

CVE-2024-27431 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-27431 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-27431?

CVE-2024-27431 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-27431?

No patch is currently available for CVE-2024-27431. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-27431 actively exploited?

CVE-2024-27431 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-27431

Medium

In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.

Package Linux Kernel

Published 2024-05-17

Last modified 2026-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2024-27431 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-27431 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Kernel patch commit
https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2024-27431

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-17

Modified 2026-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-27431?

CVE-2024-27431 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-27431 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-27431?

CVE-2024-27431 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-27431?

No patch is currently available for CVE-2024-27431. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-27431 actively exploited?

No — CVE-2024-27431 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.