CVE-2024-26830
Vulnerability from cvelistv5
Published
2024-04-17 09:43
Modified
2024-12-19 08:48
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF MAC is zeroed. Do not allow untrusted VF to remove primary MAC when it was set administratively by PF. Reproducer: 1) Create VF 2) Set VF interface up 3) Administratively set the VF's MAC 4) Put VF interface down [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@host ~]# ip link set enp2s0f0v0 up [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off [root@host ~]# ip link set enp2s0f0v0 down [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
Impacted products
Vendor Product Version
Linux Linux Version: 3.14
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:41:40.871945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:48:41.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1c981792e4ccbc134b468797acdd7781959e6893",
              "status": "affected",
              "version": "700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b",
              "versionType": "git"
            },
            {
              "lessThan": "be147926140ac48022c9605d7ab0a67387e4b404",
              "status": "affected",
              "version": "700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b",
              "versionType": "git"
            },
            {
              "lessThan": "d250a81ba813a93563be68072c563aa1e346346d",
              "status": "affected",
              "version": "700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b",
              "versionType": "git"
            },
            {
              "lessThan": "73d9629e1c8c1982f13688c4d1019c3994647ccc",
              "status": "affected",
              "version": "700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "lessThan": "3.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not allow untrusted VF to remove administratively set MAC\n\nCurrently when PF administratively sets VF\u0027s MAC address and the VF\nis put down (VF tries to delete all MACs) then the MAC is removed\nfrom MAC filters and primary VF MAC is zeroed.\n\nDo not allow untrusted VF to remove primary MAC when it was set\nadministratively by PF.\n\nReproducer:\n1) Create VF\n2) Set VF interface up\n3) Administratively set the VF\u0027s MAC\n4) Put VF interface down\n\n[root@host ~]# echo 1 \u003e /sys/class/net/enp2s0f0/device/sriov_numvfs\n[root@host ~]# ip link set enp2s0f0v0 up\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n    vf 0     link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\n[root@host ~]# ip link set enp2s0f0v0 down\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n    vf 0     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:48:15.697Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893"
        },
        {
          "url": "https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404"
        },
        {
          "url": "https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d"
        },
        {
          "url": "https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc"
        }
      ],
      "title": "i40e: Do not allow untrusted VF to remove administratively set MAC",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26830",
    "datePublished": "2024-04-17T09:43:53.643Z",
    "dateReserved": "2024-02-19T14:20:24.181Z",
    "dateUpdated": "2024-12-19T08:48:15.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26830\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T10:15:09.400\",\"lastModified\":\"2024-11-21T09:03:09.897\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ni40e: Do not allow untrusted VF to remove administratively set MAC\\n\\nCurrently when PF administratively sets VF\u0027s MAC address and the VF\\nis put down (VF tries to delete all MACs) then the MAC is removed\\nfrom MAC filters and primary VF MAC is zeroed.\\n\\nDo not allow untrusted VF to remove primary MAC when it was set\\nadministratively by PF.\\n\\nReproducer:\\n1) Create VF\\n2) Set VF interface up\\n3) Administratively set the VF\u0027s MAC\\n4) Put VF interface down\\n\\n[root@host ~]# echo 1 \u003e /sys/class/net/enp2s0f0/device/sriov_numvfs\\n[root@host ~]# ip link set enp2s0f0v0 up\\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\\n[root@host ~]# ip link show enp2s0f0\\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\\n    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\\n    vf 0     link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\\n[root@host ~]# ip link set enp2s0f0v0 down\\n[root@host ~]# ip link show enp2s0f0\\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\\n    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\\n    vf 0     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: No permitir que VF que no es de confianza elimine la MAC configurada administrativamente. Actualmente, cuando PF configura administrativamente la direcci\u00f3n MAC de VF y el VF se desactiva (VF intenta eliminar todas las MAC), entonces la MAC se eliminado de los filtros MAC y el MAC VF primario se pone a cero. No permita que VF que no es de confianza elimine la MAC principal cuando PF la configur\u00f3 administrativamente. Reproductor: 1) Crear VF 2) Configurar la interfaz VF 3) Configurar administrativamente la MAC del VF 4) Colocar la interfaz VF [root@host ~]# echo 1 \u0026gt; /sys/class/net/enp2s0f0/device/sriov_numvfs [root@ host ~]# enlace ip establecido enp2s0f0v0 up [root@host ~]# enlace ip establecido enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# enlace ip show enp2s0f0 23: enp2s0f0: \u0026lt; BROADCAST,MULTICAST,UP,LOWER_UP\u0026gt; mtu 1500 qdisc mq estado Modo UP DEFAULT grupo predeterminado qlen 1000 enlace/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 enlace/ ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, verificaci\u00f3n de suplantaci\u00f3n de identidad activada, estado de enlace autom\u00e1tico, confianza desactivada [root@host ~]# enlace IP configurado enp2s0f0v0 inactivo [ra\u00edz @host ~]# ip link show enp2s0f0 23: enp2s0f0:  mtu 1500 qdisc mq state Modo UP DEFAULT grupo predeterminado qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff :ff:ff:ff:ff:ff vf 0 enlace/\u00e9ter 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, verificaci\u00f3n de suplantaci\u00f3n de identidad activada, estado de enlace autom\u00e1tico, confianza desactivada\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.