CVE-2024-50212

Source: https://nvd.nist.gov/vuln/detail/CVE-2024-50212
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50212.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2024-50212
Published: 2024-11-09T10:14:24Z
Modified: 2025-10-15T02:01:03.364249Z
Summary
lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
Details

In the Linux kernel, the following vulnerability has been resolved:

lib: alloc_tag_module_unload must wait for pending kfree_rcu calls

Ben Greear reports following splat:

    ------------[ cut here ]------------
    net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload
    WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0
    Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat
    ...
    Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020
    RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0
     codetag_unload_module+0x19b/0x2a0
     ? codetag_load_module+0x80/0x80

nf_nat module exit calls kfree_rcu on those addresses, but the free operation is likely still pending by the time alloc_tag checks for leaks.

Wait for outstanding kfree_rcu operations to complete before checking resolves this warning.

Reproducer:

    unshare -n iptables-nft -t nat -A PREROUTING -p tcp
    grep nf_nat /proc/allocinfo # will list 4 allocations
    rmmod nft_chain_nat
    rmmod nf_nat # will WARN.

[akpm@linux-foundation.org: add comment]

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: a473573964e51dcb6efc182f773cd3924be4a184
Fixed: 24211fb49c9ac1b576470b7e393a5a0b50af2707

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: a473573964e51dcb6efc182f773cd3924be4a184
Fixed: dc783ba4b9df3fb3e76e968b2cbeb9960069263c

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.9
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "lib/codetag.c"
            },
            "id": "CVE-2024-50212-30c0d3bc",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "262489207155748115043380417121937368464",
                    "336744520723280304355635571953995049781",
                    "177366391636063832344984511243712946088"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc783ba4b9df3fb3e76e968b2cbeb9960069263c",
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "lib/codetag.c",
                "function": "codetag_unload_module"
            },
            "id": "CVE-2024-50212-7a56e48a",
            "signature_version": "v1",
            "digest": {
                "length": 714.0,
                "function_hash": "141680292660938078231858300219214919496"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc783ba4b9df3fb3e76e968b2cbeb9960069263c",
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "lib/codetag.c"
            },
            "id": "CVE-2024-50212-7b695066",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "262489207155748115043380417121937368464",
                    "336744520723280304355635571953995049781",
                    "177366391636063832344984511243712946088"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24211fb49c9ac1b576470b7e393a5a0b50af2707",
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "lib/codetag.c",
                "function": "codetag_unload_module"
            },
            "id": "CVE-2024-50212-7da11bf5",
            "signature_version": "v1",
            "digest": {
                "length": 714.0,
                "function_hash": "141680292660938078231858300219214919496"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24211fb49c9ac1b576470b7e393a5a0b50af2707",
            "signature_type": "Function"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 6.10.0
Fixed: 6.11.7