CVE-2024-50041

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50041
Downstream
Related
Published
2024-10-21T19:39:40.435Z
Modified
2026-03-20T12:39:33.505832Z
Summary
i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
Details

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix macvlan leak by synchronizing access to macfilterhash

This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->macfilterhash. The leak occurs when multiple threads attempt to modify the macfilterhash simultaneously, leading to inconsistent state and potential memory leaks.

To fix this, we now wrap the calls to i40edelmacfilter() and zeroing vf->defaultlanaddr.addr with spinlock/unlockbh(&vsi->macfilterhashlock), ensuring atomic operations and preventing concurrent access.

Additionally, we add lockdepassertheld(&vsi->macfilterhashlock) in i40eaddmacfilter() to help catch similar issues in the future.

Reproduction steps: 1. Spawn VFs and configure port vlan on them. 2. Trigger concurrent macvlan operations (e.g., adding and deleting portvlan and/or mac filters). 3. Observe the potential memory leak and inconsistent state in the macfilterhash.

This synchronization ensures the integrity of the macfilterhash and prevents the described leak.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50041.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ddec6cbbe22781d17965f1e6386e5a6363c058d2
Fixed
9db6ce9e2738b05a3672aff4d42169cf3bb5a3e3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fed0d9f13266a22ce1fc9a97521ef9cdc6271a23
Fixed
9a9747288ba0a9ad4f5c9877f18dd245770ad64e
Fixed
703c4d820b31bcadf465288d5746c53445f02a55
Fixed
8831abff1bd5b6bc8224f0c0671f46fbd702b5b2
Fixed
dac6c7b3d33756d6ce09f00a96ea2ecd79fae9fb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8bfcbaa379694e05290fcff21f4bd40afcf88776

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50041.json"