NVD Vulnerability Detail

CVE-2024-50252

Summary	In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following reproducer [1] would result in a warning [2] and a memory leak [3]. The problem is that the new remote address is never added by the driver to its hash table (and therefore the device) and the old address is never removed from it. Fix by programming the new address when the configuration of the ip6gre net device changes and removing the old one. If the address did not change, then the above would result in increasing the reference count of the address and then decreasing it. [1] # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit # ip link set dev bla type ip6gre remote 2001:db8:3::1 # ip link del dev bla # devlink dev reload pci/0000:01:00.0 [2] WARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0 Modules linked in: CPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151 Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023 RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0 [...] Call Trace: <TASK> mlxsw_sp_router_netdevice_event+0x55f/0x1240 notifier_call_chain+0x5a/0xd0 call_netdevice_notifiers_info+0x39/0x90 unregister_netdevice_many_notify+0x63e/0x9d0 rtnl_dellink+0x16b/0x3a0 rtnetlink_rcv_msg+0x142/0x3f0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x242/0x390 netlink_sendmsg+0x1de/0x420 ____sys_sendmsg+0x2bd/0x320 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f [3] unreferenced object 0xffff898081f597a0 (size 32): comm "ip", pid 1626, jiffies 4294719324 hex dump (first 32 bytes): 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ............... 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia............. backtrace (crc fd9be911): [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260 [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340 [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240 [<00000000743e7757>] notifier_call_chain+0x5a/0xd0 [<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90 [<000000002509645d>] register_netdevice+0x5f7/0x7a0 [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130 [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120 [<000000004df7c7cc>] rtnl_newlink+0x471/0xa20 [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0 [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100 [<00000000908bca63>] netlink_unicast+0x242/0x390 [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420 [<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320 [<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0 [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0
Publication Date	Nov. 9, 2024, 8:15 p.m.
Registration Date	Nov. 10, 2024, 5 a.m.
Last Update	Nov. 15, 2024, 3:08 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.11.7
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.60
cpe:2.3:o:linux:linux_kernel::::::::	5.17			6.1.116

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b	Patch
2	https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a	Patch
3	https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942	Patch
4	https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-401	有効期限後のメモリの解放の欠如	https://cwe.mitre.org/data/definitions/401.html

JVN Vulnerability Information

Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性

Title	Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性
Summary	Linux の Linux Kernel には、有効期限後のメモリの解放の欠如に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 30, 2024, midnight
Registration Date	Nov. 15, 2024, 4:08 p.m.
Last Update	Nov. 15, 2024, 4:08 p.m.

Affected System

Linux

Linux Kernel 5.17 以上 6.1.116 未満

Linux Kernel 6.12

Linux Kernel 6.2 以上 6.6.60 未満

Linux Kernel 6.7 以上 6.11.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-50252	https://www.cve.org/CVERecord?id=CVE-2024-50252
National Vulnerability Database (NVD)
2	CVE-2024-50252	https://nvd.nist.gov/vuln/detail/CVE-2024-50252

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-401	https://cwe.mitre.org/data/definitions/401.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (12ae97c)	https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280
2	mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (31384aa)	https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a
3	mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (c1bbdbe)	https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942
4	mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (d8f298e)	https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b
Linux Kernel
5	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月15日] 掲載	Nov. 15, 2024, 1:18 p.m.