CVE-2024-57843: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57843 is a buffer overflow vulnerability discovered in the Linux kernel's virtio-net driver, specifically in the virtnet_rq_alloc function. The vulnerability was disclosed on January 11, 2025, affecting the virtual network interface implementation. The issue occurs when a fragment receives a single page allocation, particularly when the sysctl net.core.high_order_alloc_disable value is set to 1 (NVD).

The vulnerability stems from the virtnet_rq_dma structure occupying 16 bytes at the beginning of a new fragment. While this arrangement works correctly when the fragment size exceeds PAGE_SIZE, an overflow condition can occur when the fragment is limited to a single page and the combined size of the buffer and virtnet_rq_dma exceeds one page. This issue was introduced by commit f9dac92ba908 ('virtio_ring: enable premapped mode whatever use_dma_api') (Kernel Commit).

The vulnerability can lead to system instability and functionality issues in virtual machines. Specifically, it can cause reliable crashes and file transfer failures, such as SCP failures when transferring files around 100MB in size to virtual machines (Kernel Commit).

The issue has been resolved by modifying the buffer length calculation in the virtio-net driver. When the fragment size is insufficient, the buffer length is reduced to prevent the overflow condition. This fix has been implemented directly rather than reverting previous commits (Kernel Commit).