- Description
- In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->mac_filter_hash. The leak occurs when multiple threads attempt to modify the mac_filter_hash simultaneously, leading to inconsistent state and potential memory leaks. To fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing vf->default_lan_addr.addr with spin_lock/unlock_bh(&vsi->mac_filter_hash_lock), ensuring atomic operations and preventing concurrent access. Additionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock) in i40e_add_mac_filter() to help catch similar issues in the future. Reproduction steps: 1. Spawn VFs and configure port vlan on them. 2. Trigger concurrent macvlan operations (e.g., adding and deleting portvlan and/or mac filters). 3. Observe the potential memory leak and inconsistent state in the mac_filter_hash. This synchronization ensures the integrity of the mac_filter_hash and prevents the described leak.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-401
- Hype score
- Not currently trending
CVE-2024-50041 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan… https://t.co/SbQFcIdRfe
@CVEnew
22 Oct 2024
246 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
CVE-2024-50041 In the Linux kernel, the following vulnerability has been resolved: i40e Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver c... https://t.co/jaLvy1Mr66
@VulmonFeeds
22 Oct 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9429645-5F5B-486E-877E-5F2E0EB6202F",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.54"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F904485-FC3F-4533-8CD9-B8208F0C4707",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D848431-3C7A-4C40-BC35-515047E89ABE",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "5.19"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1",
"versionEndExcluding": "6.6.57",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
}
],
"operator": "OR"
}
]
}
]