medium
4.7
CWE
362
Advisory Published
Updated

CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state

First published: Tue Nov 19 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. Spawn multiple VFs. 2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host. 3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX, please set promiscuous on manually for VF XX". Exact code for stable reproduction Intel can't open-source now. The fix involves implementing a new intermediate filter state, I40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list. These filters cannot be deleted from the hash list directly but must be removed using the full process.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=4.10<5.15.172
Linux Kernel>=5.16<6.1.117
Linux Kernel>=6.2<6.6.61
Linux Kernel>=6.7<6.11.8
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3
Linux Kernel=6.12-rc4
Linux Kernel=6.12-rc5
Linux Kernel=6.12-rc6

Remedy

https://git.kernel.org/stable/c/262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a

Remedy

https://git.kernel.org/stable/c/6e046f4937474bc1b9fa980c1ad8f3253fc638f6

Remedy

https://git.kernel.org/stable/c/7ad3fb3bfd43feb4e15c81dffd23ac4e55742791

Remedy

https://git.kernel.org/stable/c/bf5f837d9fd27d32fb76df0a108babcaf4446ff1

Remedy

https://git.kernel.org/stable/c/f30490e9695ef7da3d0899c6a0293cc7cd373567

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-53088?

    CVE-2024-53088 is classified with a medium severity rating due to a race condition in the i40e driver that can lead to MAC/VLAN filter corruption.

  • How do I fix CVE-2024-53088?

    To fix CVE-2024-53088, users should update the Linux kernel to a patched version that resolves the race condition in the i40e driver.

  • Which Linux kernel versions are affected by CVE-2024-53088?

    CVE-2024-53088 affects Linux kernel versions from 4.10 to 5.15.172, 5.16 to 6.1.117, 6.2 to 6.6.61, 6.7 to 6.11.8, and specific release candidates 6.12-rc1 to 6.12-rc6.

  • What impact does CVE-2024-53088 have on system security?

    The impact of CVE-2024-53088 includes potential information leaks and compromised network integrity due to corrupted MAC/VLAN filters.

  • Is there a workaround for CVE-2024-53088?

    Currently, there is no documented workaround for CVE-2024-53088 other than upgrading to a secure version of the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203