CVE-2024-26830

Summary

In the Linux kernel, the following vulnerability has been resolved:

i40e: Do not allow untrusted VF to remove administratively set MAC

Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF MAC is zeroed.

Do not allow untrusted VF to remove primary MAC when it was set administratively by PF.

Reproducer:

  1. Create VF
  2. Set VF interface up
  3. Administratively set the VF's MAC
  4. Put VF interface down

[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@host ~]# ip link set enp2s0f0v0 up [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off [root@host ~]# ip link set enp2s0f0v0 down [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off

Affected Software

VendorProductVersion RangeStatus
LinuxLinux700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b < 1c981792e4ccbc134b468797acdd7781959e6893affected
LinuxLinux700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b < be147926140ac48022c9605d7ab0a67387e4b404affected
LinuxLinux700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b < d250a81ba813a93563be68072c563aa1e346346daffected
LinuxLinux700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b < 73d9629e1c8c1982f13688c4d1019c3994647cccaffected
LinuxLinux3.14affected
LinuxLinux0 < 3.14unaffected
LinuxLinux6.1.79 <= 6.1.*unaffected
LinuxLinux6.6.18 <= 6.6.*unaffected
LinuxLinux6.7.6 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References