medium
5.5
CWE
401
EPSS
0.033%
Advisory Published
Updated

CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->mac_filter_hash. The leak occurs when multiple threads attempt to modify the mac_filter_hash simultaneously, leading to inconsistent state and potential memory leaks. To fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing vf->default_lan_addr.addr with spin_lock/unlock_bh(&vsi->mac_filter_hash_lock), ensuring atomic operations and preventing concurrent access. Additionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock) in i40e_add_mac_filter() to help catch similar issues in the future. Reproduction steps: 1. Spawn VFs and configure port vlan on them. 2. Trigger concurrent macvlan operations (e.g., adding and deleting portvlan and/or mac filters). 3. Observe the potential memory leak and inconsistent state in the mac_filter_hash. This synchronization ensures the integrity of the mac_filter_hash and prevents the described leak.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.15.54<5.15.168
Linux Kernel>=5.18.11<5.19
Linux Kernel>=5.19<6.1.113
Linux Kernel>=6.2<6.6.57
Linux Kernel>=6.7<6.11.4
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.135-1
6.12.25-1
6.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/703c4d820b31bcadf465288d5746c53445f02a55

Remedy

https://git.kernel.org/stable/c/8831abff1bd5b6bc8224f0c0671f46fbd702b5b2

Remedy

https://git.kernel.org/stable/c/9a9747288ba0a9ad4f5c9877f18dd245770ad64e

Remedy

https://git.kernel.org/stable/c/9db6ce9e2738b05a3672aff4d42169cf3bb5a3e3

Remedy

https://git.kernel.org/stable/c/dac6c7b3d33756d6ce09f00a96ea2ecd79fae9fb

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50041?

    CVE-2024-50041 is classified as a medium severity vulnerability.

  • How do I fix CVE-2024-50041?

    To resolve CVE-2024-50041, update your Linux kernel to a version that includes the relevant patch.

  • Which versions of the Linux kernel are affected by CVE-2024-50041?

    CVE-2024-50041 affects Linux kernel versions between 5.15.54 and 6.11.4, as well as certain release candidates.

  • What type of vulnerability is CVE-2024-50041?

    CVE-2024-50041 is a macvlan leak vulnerability due to concurrent access issues in the i40e driver.

  • Who is impacted by CVE-2024-50041?

    Users of affected Linux kernel versions running the i40e driver may be impacted by CVE-2024-50041.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203