CVE-2024-58099

5.5 MEDIUM

📋 TL;DR

A memory corruption bug in the Linux kernel's vmxnet3 driver causes packet corruption when XDP (eXpress Data Path) is used with a BPF program that adds encapsulation headers. It affects Linux systems running VMware's vmxnet3 network driver with XDP enabled, and can cause network connectivity problems and packet drops.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with the vulnerable vmxnet3 driver code (specific commit range not provided in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using VMware vmxnet3 network driver with XDP enabled and BPF programs that add encapsulation headers (like IPIP).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent network connectivity failures, service disruption, and potential data corruption in network traffic when using affected configurations.

🟠 Likely Case

Intermittent packet corruption leading to connectivity issues, dropped packets, and degraded network performance in environments using vmxnet3 with XDP encapsulation.

🟢 If Mitigated

No impact if XDP is disabled or if systems don't use the vmxnet3 driver with encapsulation headers.

🌐 Internet-Facing: LOW - Requires specific driver configuration and XDP usage, not directly exploitable from internet.
🏢 Internal Only: MEDIUM - Affects internal network communications in virtualized environments using vmxnet3 with XDP features.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific driver configuration, XDP usage, and BPF programs that modify packet headers. This is a reliability issue rather than a security exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 4678adf94da4a9e9683817b246b58ce15fb81782, 59ba6cdadb9c26b606a365eb9c9b25eb2052622d, f82eb34fb59a8fb96c19f4f492c20eb774140bb5

Vendor Advisory: https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the vmxnet3 driver is using the patched code.

🔧 Temporary Workarounds

Disable XDP on vmxnet3 interfaces (linux)

Prevent XDP processing on vmxnet3 network interfaces to avoid the vulnerability:

ip link set dev <interface> xdp off

Avoid encapsulation headers in XDP programs (linux)

Modify BPF programs so they do not add encapsulation headers when running on vmxnet3.

🧯 If You Can't Patch

  • Disable XDP features on all vmxnet3 network interfaces
  • Use alternative network drivers or virtualization platforms if possible

🔍 How to Verify

Check if Vulnerable:

Check whether the system has interfaces bound to the vmxnet3 driver with XDP enabled, and whether the attached BPF programs add encapsulation headers.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits, then test XDP functionality with encapsulation headers on a vmxnet3 interface.
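The "Check if Vulnerable" step above is a manual inventory task; the script below is an added example (not part of this advisory or of the kernel project) that automates the first half of it: it lists every interface bound to the vmxnet3 driver and reports whether an XDP program is attached, and in which mode. It assumes the sysfs layout `/sys/class/net/<iface>/device/driver` and the iproute2 convention of printing `xdp/id:N`, `xdpgeneric/id:N`, `xdpdrv/id:N` or `xdpoffload/id:N` in `ip link show` output when a program is attached; the sample `ip link` lines embedded in it are constructed, not captured from a real host. Whether the attached program adds encapsulation headers still has to be checked against the program's source.

```shell
#!/bin/sh
# Added example (not part of the advisory): find interfaces bound to the
# vmxnet3 driver and report whether an XDP program is attached to each one.
# Assumes the sysfs layout /sys/class/net/<iface>/device/driver and the
# iproute2 `ip link show` convention of printing "xdp/id:N", "xdpgeneric/id:N",
# "xdpdrv/id:N" or "xdpoffload/id:N" after the MTU when a program is attached.

# Print the kernel driver bound to an interface by resolving its sysfs driver
# symlink; virtual devices (lo, bridges, veth) have none and return 1.
iface_driver() {
    link="/sys/class/net/$1/device/driver"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Read one interface's `ip link show dev <iface>` output on stdin and print the
# XDP attach mode (xdp, xdpgeneric, xdpdrv, xdpoffload), or "none" if no
# program is attached.
xdp_mode_from_link() {
    mode=$(sed -n 's/.*[[:space:]]\(xdp[a-z]*\)\/id:[0-9][0-9]*.*/\1/p' | head -n 1)
    if [ -n "$mode" ]; then
        printf '%s\n' "$mode"
    else
        printf 'none\n'
    fi
}

# Walk every interface on this host and print "<iface> vmxnet3 <xdp-mode>" for
# each vmxnet3 NIC. A mode other than "none" means the interface is in the
# configuration the advisory describes (XDP active on vmxnet3), so the
# attached BPF program should be reviewed for encapsulation-header growth.
report_vmxnet3_xdp() {
    found=0
    for path in /sys/class/net/*; do
        iface=$(basename "$path")
        drv=$(iface_driver "$iface") || continue
        [ "$drv" = "vmxnet3" ] || continue
        found=1
        mode=$(ip link show dev "$iface" | xdp_mode_from_link)
        printf '%s %s %s\n' "$iface" "$drv" "$mode"
    done
    [ "$found" -eq 1 ] || echo "no vmxnet3 interfaces found"
}

# Constructed sample output (not captured from a real host) showing what the
# parser sees for an interface with a native-mode XDP program attached and for
# one without.
SAMPLE_WITH_XDP='2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 xdpdrv/id:42 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:aa:bb:cc brd ff:ff:ff:ff:ff:ff'
SAMPLE_NO_XDP='3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:dd:ee:ff brd ff:ff:ff:ff:ff:ff'

printf 'sample ens192: %s\n' "$(printf '%s\n' "$SAMPLE_WITH_XDP" | xdp_mode_from_link)"   # xdpdrv
printf 'sample ens224: %s\n' "$(printf '%s\n' "$SAMPLE_NO_XDP" | xdp_mode_from_link)"     # none

# Live scan of this host (prints a notice if no vmxnet3 interface exists).
report_vmxnet3_xdp
```

Run it as root or with read access to sysfs; any line ending in `xdpdrv`, `xdpgeneric` or `xdpoffload` names an interface on which `ip link set dev <interface> xdp off` would apply the temporary workaround from the section above.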

📡 Detection & Monitoring

Log Indicators:

  • Increased packet drops on vmxnet3 interfaces
  • Network connectivity errors in applications

Network Indicators:

  • Unexpected packet corruption
  • Increased retransmissions

SIEM Query:

Search for network interface error counters or packet drop events on hosts whose interfaces are bound to the vmxnet3 driver.
