CVE-2024-26830: i40e: Do not allow untrusted VF to remove administratively set MAC
First published: Wed Apr 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF MAC is zeroed. Do not allow untrusted VF to remove primary MAC when it was set administratively by PF. Reproducer: 1) Create VF 2) Set VF interface up 3) Administratively set the VF's MAC 4) Put VF interface down [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@host ~]# ip link set enp2s0f0v0 up [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off [root@host ~]# ip link set enp2s0f0v0 down [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.1.79 | 6.1.79 |
| redhat/kernel | <6.6.18 | 6.6.18 |
| redhat/kernel | <6.7.6 | 6.7.6 |
| redhat/kernel | <6.8 | 6.8 |
| Linux Kernel | >=3.14<6.1.79 | |
| Linux Kernel | >=6.2<6.6.18 | |
| Linux Kernel | >=6.7<6.7.6 | |
| Linux Kernel | =6.8-rc1 | |
| Linux Kernel | =6.8-rc2 | |
| Linux Kernel | =6.8-rc3 | |
| Linux Kernel | =6.8-rc4 | |
| debian/linux | <=5.10.223-1<=5.10.234-1 | 6.1.129-1 6.1.128-1 6.12.21-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893
- https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc
- https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404
- https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d
- https://launchpad.net/bugs/cve/CVE-2024-26830
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26830
- https://nvd.nist.gov/vuln/detail/CVE-2024-26830
- https://security-tracker.debian.org/tracker/CVE-2024-26830
- https://ubuntu.com/security/CVE-2024-26830
- https://git.kernel.org/linus/73d9629e1c8c1982f13688c4d1019c3994647ccc
- https://access.redhat.com/security/cve/CVE-2024-26830
- https://lore.kernel.org/linux-cve-announce/2024041703-CVE-2024-26830-5bc0@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2275597
- https://access.redhat.com/errata/RHSA-2024:8161
- https://access.redhat.com/errata/RHSA-2024:10941
- https://access.redhat.com/errata/RHSA-2025:0064
- https://access.redhat.com/errata/RHSA-2025:0063
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2275596#c19
- https://bugzilla.redhat.com/show_bug.cgi?id=2275596
Frequently Asked Questions
What is the severity of CVE-2024-26830?
CVE-2024-26830 is considered a medium severity vulnerability due to its potential to allow untrusted virtual functions to remove administratively set MAC addresses.
How do I fix CVE-2024-26830?
To mitigate CVE-2024-26830, update to the fixed kernel versions 6.1.79, 6.6.18, 6.7.6, 6.8 for Red Hat or ensure your Debian system uses versions 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1.
What systems are affected by CVE-2024-26830?
CVE-2024-26830 affects Linux kernel versions up to 6.1.79, 6.6.18, 6.7.6, 6.8 for Red Hat and versions up to 5.10.223-1 and 5.10.226-1 for Debian.
Is CVE-2024-26830 being actively exploited?
As of now, there is no public indication that CVE-2024-26830 is being actively exploited in the wild.
What impact does CVE-2024-26830 have on system security?
CVE-2024-26830 could lead to unauthorized MAC address changes, potentially impacting network security and traffic management.
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/references
- agent/source
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-26830
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/softwarecombine
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/nvd-api
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.14
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.8-rc1
- version/linux kernel/6.8-rc2
- version/linux kernel/6.8-rc3
- version/linux kernel/6.8-rc4