CVE-2024-45030 is a vulnerability identified in the Linux kernel's igb network driver, which is responsible for Intel Gigabit Ethernet adapters. The issue arises when the driver handles large MAX_SKB_FRAGS values, a kernel parameter that defines the maximum number of fragments in a socket buffer (skb). Specifically, when MAX_SKB_FRAGS is set to a high value such as 45, the igb driver fails to properly manage the shared info size and the ring buffer layout, leading to payload corruption during packet transmission (TX). This occurs because the driver attempts to fit two packets into the same 4K memory page without correctly accounting for the size of the first fragment list, causing data overlap and corruption. The problem can be reproduced by initiating an SSH connection to the affected machine with a high MAX_SKB_FRAGS setting. The root cause is the driver's inadequate handling of buffer sizes, particularly when 2K buffers are insufficient for the data being processed. The vulnerability was reported through Red Hat's bug tracking system and has been addressed by improving the driver's checks on buffer sizes to prevent such corruption. Although no known exploits are currently reported in the wild, the flaw affects the integrity of transmitted data at the kernel network driver level, which is critical for network communications.

For European organizations, this vulnerability poses a risk primarily to the integrity and reliability of network communications on systems running affected Linux kernel versions with Intel igb drivers. Payload corruption during transmission can lead to data loss, communication failures, or degraded network performance, which may disrupt critical services relying on stable SSH connections or other network protocols. In environments where data integrity is paramount, such as financial institutions, healthcare providers, and industrial control systems, this could result in operational disruptions or data inconsistencies. While the vulnerability does not directly expose confidentiality or allow remote code execution, the potential for network communication failures could indirectly affect availability and trustworthiness of services. Organizations with high network traffic or those that have customized kernel parameters to increase MAX_SKB_FRAGS for performance reasons are at greater risk. The lack of known exploits reduces immediate threat levels, but the vulnerability should be addressed proactively to prevent future exploitation or operational issues.

European organizations should promptly apply the Linux kernel patches that address this vulnerability once they are available from their Linux distribution vendors. Until patches are applied, organizations should consider reducing the MAX_SKB_FRAGS parameter to a safe value (e.g., 17 or lower) to avoid triggering the payload corruption. Network administrators should audit systems running Intel igb drivers to identify any custom kernel parameter configurations that increase MAX_SKB_FRAGS and revert them if necessary. Additionally, thorough testing of network-intensive applications, especially those using SSH or similar protocols, should be conducted after any kernel updates to ensure stability. Monitoring network error logs and packet transmission anomalies can help detect symptoms of this issue. For critical systems, consider isolating affected hosts or using alternative network drivers or hardware if patching is delayed. Finally, maintain up-to-date inventory and configuration management to quickly identify and remediate vulnerable systems.