cve 2024 40999

CVE-2024-40999 is a vulnerability in the Elastic Network Adapter (ENA) kernel driver, which is used in Azure Linux and potentially other Microsoft products. The vulnerability affects the ENA driver's handling of certain network operations, leading to a risk of denial of service or other impacts. Microsoft has attested that Azure Linux includes the affected open-source library and is potentially affected, but this attestation is product-scoped and does not guarantee that other Microsoft products are unaffected. Other Microsoft-distributed kernel artifacts or images could still ship the same vulnerable driver depending on build configuration and packaging choices. Vendors have stated they will expand VEX/CSAF attestations if additional products are found to be carriers. Users should monitor official advisories for updates.