
CVE-2024-50252: Vulnerability in Linux

Medium
Published: Sat Nov 09 2024 (11/09/2024, 10:15:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address

The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver.

Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following reproducer [1] would result in a warning [2] and a memory leak [3]. The problem is that the new remote address is never added by the driver to its hash table (and therefore the device) and the old address is never removed from it.

Fix by programming the new address when the configuration of the ip6gre net device changes and removing the old one. If the address did not change, then the above would result in increasing the reference count of the address and then decreasing it.

[1]

    # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit
    # ip link set dev bla type ip6gre remote 2001:db8:3::1
    # ip link del dev bla
    # devlink dev reload pci/0000:01:00.0

[2]

    WARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0
    Modules linked in:
    CPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151
    Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023
    RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0
    [...]
    Call Trace:
     <TASK>
     mlxsw_sp_router_netdevice_event+0x55f/0x1240
     notifier_call_chain+0x5a/0xd0
     call_netdevice_notifiers_info+0x39/0x90
     unregister_netdevice_many_notify+0x63e/0x9d0
     rtnl_dellink+0x16b/0x3a0
     rtnetlink_rcv_msg+0x142/0x3f0
     netlink_rcv_skb+0x50/0x100
     netlink_unicast+0x242/0x390
     netlink_sendmsg+0x1de/0x420
     ____sys_sendmsg+0x2bd/0x320
     ___sys_sendmsg+0x9a/0xe0
     __sys_sendmsg+0x7a/0xd0
     do_syscall_64+0x9e/0x1a0
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

[3]

    unreferenced object 0xffff898081f597a0 (size 32):
      comm "ip", pid 1626, jiffies 4294719324
      hex dump (first 32 bytes):
        20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01  ...............
        21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............
      backtrace (crc fd9be911):
        [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260
        [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340
        [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240
        [<00000000743e7757>] notifier_call_chain+0x5a/0xd0
        [<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90
        [<000000002509645d>] register_netdevice+0x5f7/0x7a0
        [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130
        [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120
        [<000000004df7c7cc>] rtnl_newlink+0x471/0xa20
        [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0
        [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100
        [<00000000908bca63>] netlink_unicast+0x242/0x390
        [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420
        [<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320
        [<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0
        [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0
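The reference-counting failure described in the commit message, as a user-space model added here for illustration; it is not code from the mlxsw driver or the fix commit. The table, `addr_get`, `addr_put` and `tunnel_lifecycle` are hypothetical names, and the model assumes that deleting the tunnel drops a reference on whatever remote address the tunnel currently holds.

```c
#include <stdio.h>
#include <string.h>

/* User-space model, not driver code: a refcounted table standing in for the
 * driver's hash table of IPv6 addresses programmed to the device. */
struct entry { char addr[40]; int refs; };
static struct entry table[4];
static int warnings;                     /* puts of an address not in the table */

static struct entry *find(const char *a) {   /* a == NULL finds a free slot */
    for (int i = 0; i < 4; i++)
        if (a ? table[i].refs > 0 && !strcmp(table[i].addr, a) : table[i].refs == 0)
            return &table[i];
    return NULL;
}
static void addr_get(const char *a) {    /* take a reference, adding the entry if new */
    struct entry *e = find(a);
    if (!e && (e = find(NULL)))
        snprintf(e->addr, sizeof(e->addr), "%s", a);
    if (e) e->refs++;
}
static void addr_put(const char *a) {    /* drop a reference; warn if never added */
    struct entry *e = find(a);
    if (e) e->refs--; else warnings++;
}

/* link add, link set remote, link del. Returns entries still held (leaked). */
int tunnel_lifecycle(int fixed, const char *old, const char *new_, int *warn) {
    int leaked = 0;
    memset(table, 0, sizeof(table));
    warnings = 0;
    addr_get(old);                       /* ip link add ... remote old */
    if (fixed) {                         /* ip link set ... remote new_ */
        addr_get(new_);                  /* program the new address */
        addr_put(old);                   /* remove the old one */
    }                                    /* unfixed: table is left untouched */
    addr_put(new_);                      /* ip link del: put the current remote */
    for (int i = 0; i < 4; i++) leaked += table[i].refs > 0;
    *warn = warnings;
    return leaked;
}

int main(void) {
    int w, n = tunnel_lifecycle(0, "2001:db8:2::1", "2001:db8:3::1", &w);
    printf("unfixed: leaked=%d warnings=%d\n", n, w);
    n = tunnel_lifecycle(1, "2001:db8:2::1", "2001:db8:3::1", &w);
    printf("fixed:   leaked=%d warnings=%d\n", n, w);
    return 0;
}
```

In the unfixed path the put on delete targets an address that was never added (the warning in [2]) while the original address keeps its reference (the leak in [3]); with the fix, an unchanged address simply has its count raised and then lowered.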

AI-Powered Analysis

Last updated: 06/28/2025, 13:26:48 UTC

Technical Analysis

CVE-2024-50252 is a vulnerability identified in the Linux kernel, specifically within the Mellanox Spectrum mlxsw driver handling IPv6 GRE (ip6gre) tunnel devices. The issue arises when changing the remote IPv6 address of an ip6gre network device. The driver manages IPv6 addresses used for encapsulation in linear memory. However, when the remote address is changed, the new address is not properly added to the driver's hash table, and the old address is not removed. This results in a memory leak and a warning message logged by the kernel. The root cause is that the driver's internal data structures do not correctly update the reference counts and hash table entries for the IPv6 addresses during reconfiguration of the ip6gre device.

The vulnerability was reproducible by creating an ip6gre device with a specific local and remote IPv6 address, changing the remote address, and then deleting the device, which triggers the leak. The kernel logs a warning indicating the failure to properly release the old IPv6 address object, which remains unreferenced in memory. The issue affects Linux kernel versions prior to the fix commit referenced and is specific to the mlxsw Spectrum driver used in Mellanox/NVIDIA network hardware.

While the vulnerability does not directly cause a crash or remote code execution, the memory leak could lead to resource exhaustion on affected systems if the remote address is changed repeatedly without reboot or driver reload. This could degrade network device performance or stability over time. No known exploits are reported in the wild as of the publication date. The fix involves correctly programming the new IPv6 address into the driver's hash table and removing the old one, ensuring proper reference counting and memory management when the ip6gre device configuration changes.

Potential Impact

For European organizations, this vulnerability primarily impacts systems running Linux kernels with the affected mlxsw Spectrum driver, commonly found in data centers, cloud infrastructure, and enterprise networks utilizing Mellanox/NVIDIA network adapters. The memory leak could lead to gradual resource depletion on critical network devices, potentially causing degraded network performance or device instability. This is particularly relevant for organizations relying on IPv6 GRE tunnels for secure or segmented network traffic, such as telecom providers, cloud service operators, and large enterprises with complex network topologies. While the vulnerability does not enable direct remote code execution or privilege escalation, the resulting instability could disrupt network services, impacting availability and operational continuity. Organizations with high network traffic volumes or frequent reconfiguration of ip6gre tunnels are at greater risk of encountering the leak's effects. Additionally, the warning messages logged by the kernel could complicate troubleshooting and mask other critical issues. Given the widespread use of Linux in European IT infrastructure and the increasing adoption of IPv6, this vulnerability poses a moderate operational risk if left unpatched.

Mitigation Recommendations

European organizations should apply the official Linux kernel patches that address CVE-2024-50252 as soon as they become available in their distribution's stable releases. Until patched, administrators should minimize changes to the remote IPv6 addresses of ip6gre devices on systems using the mlxsw Spectrum driver to reduce the risk of memory leaks. Monitoring kernel logs for warnings related to mlxsw_sp_ipv6_addr_put can help detect attempts to exploit or trigger the issue. Network teams should audit their use of IPv6 GRE tunnels and consider alternative tunneling mechanisms if frequent reconfiguration is required. For critical infrastructure, implementing automated kernel update processes and testing patches in staging environments will ensure timely remediation. Additionally, organizations should maintain robust resource monitoring on network devices to detect abnormal memory usage trends that could indicate leaks. Collaboration with hardware vendors to confirm driver versions and firmware compatibility is recommended to ensure comprehensive mitigation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.979Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdf658

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 1:26:48 PM

Last updated: 8/7/2025, 12:52:12 PM
