Vulnerability-Lookup

alsa-2025:0066

Vulnerability from osv_almalinux

Published

2025-01-08 00:00

Modified

2025-01-08 21:24

Summary

Important: kernel-rt security update

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088)
kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:0066	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-53088	REPORT
	https://access.redhat.com/security/cve/CVE-2024-53122	REPORT
	https://bugzilla.redhat.com/2327328	REPORT
	https://bugzilla.redhat.com/2329932	REPORT
	https://errata.almalinux.org/8/ALSA-2025-0066.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.34.1.rt7.375.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.  \n\nSecurity Fix(es):  \n\n  * kernel: i40e: fix race condition by adding filter\u0027s intermediate sync state (CVE-2024-53088)\n  * kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:0066",
  "modified": "2025-01-08T21:24:50Z",
  "published": "2025-01-08T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:0066"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-53088"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-53122"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2327328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2329932"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-0066.html"
    }
  ],
  "related": [
    "CVE-2024-53088",
    "CVE-2024-53122"
  ],
  "summary": "Important: kernel-rt security update"
}

CVE-2024-53122 (GCVE-0-2024-53122)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 22:29

Title

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0a9a182ea5c7bb037…
	https://git.kernel.org/stable/c/24995851d58c4a205…
	https://git.kernel.org/stable/c/ff825ab2f455299c0…
	https://git.kernel.org/stable/c/aad6412c63baa39dd…
	https://git.kernel.org/stable/c/ce7356ae35943cc64…

Impacted products

Vendor

Product

Version

Linux

Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < 0a9a182ea5c7bb0374e527130fd85024ace7279b (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < 24995851d58c4a205ad0ffa7b2f21e479a9c8527 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < ff825ab2f455299c0c7287550915a8878e2a66e0 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < aad6412c63baa39dd813e81f16a14d976b3de2e8 (git)
Affected: c76c6956566f974bac2470bd72fc22fb923e04a1 , < ce7356ae35943cc6494cc692e62d51a734062b7d (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:28.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0a9a182ea5c7bb0374e527130fd85024ace7279b",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "24995851d58c4a205ad0ffa7b2f21e479a9c8527",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "ff825ab2f455299c0c7287550915a8878e2a66e0",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "aad6412c63baa39dd813e81f16a14d976b3de2e8",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            },
            {
              "lessThan": "ce7356ae35943cc6494cc692e62d51a734062b7d",
              "status": "affected",
              "version": "c76c6956566f974bac2470bd72fc22fb923e04a1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:34.823Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b"
        },
        {
          "url": "https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d"
        }
      ],
      "title": "mptcp: cope racing subflow creation in mptcp_rcv_space_adjust",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53122",
    "datePublished": "2024-12-02T13:44:52.678Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2025-11-03T22:29:28.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53088 (GCVE-0-2024-53088)

Vulnerability from cvelistv5 – Published: 2024-11-19 17:45 – Updated: 2025-11-03 22:29

Title

i40e: fix race condition by adding filter's intermediate sync state

Summary

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. Spawn multiple VFs. 2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host. 3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX, please set promiscuous on manually for VF XX". Exact code for stable reproduction Intel can't open-source now. The fix involves implementing a new intermediate filter state, I40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list. These filters cannot be deleted from the hash list directly but must be removed using the full process.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/262dc6ea5f1eb18c4…
	https://git.kernel.org/stable/c/7ad3fb3bfd43feb4e…
	https://git.kernel.org/stable/c/bf5f837d9fd27d32f…
	https://git.kernel.org/stable/c/6e046f4937474bc1b…
	https://git.kernel.org/stable/c/f30490e9695ef7da3…

Impacted products

Vendor

Product

Version

Linux

Affected: 278e7d0b9d6864a9749b9473a273892aa1528621 , < 262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a (git)
Affected: 278e7d0b9d6864a9749b9473a273892aa1528621 , < 7ad3fb3bfd43feb4e15c81dffd23ac4e55742791 (git)
Affected: 278e7d0b9d6864a9749b9473a273892aa1528621 , < bf5f837d9fd27d32fb76df0a108babcaf4446ff1 (git)
Affected: 278e7d0b9d6864a9749b9473a273892aa1528621 , < 6e046f4937474bc1b9fa980c1ad8f3253fc638f6 (git)
Affected: 278e7d0b9d6864a9749b9473a273892aa1528621 , < f30490e9695ef7da3d0899c6a0293cc7cd373567 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:11:41.083931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:14.117Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:06.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e.h",
            "drivers/net/ethernet/intel/i40e/i40e_debugfs.c",
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a",
              "status": "affected",
              "version": "278e7d0b9d6864a9749b9473a273892aa1528621",
              "versionType": "git"
            },
            {
              "lessThan": "7ad3fb3bfd43feb4e15c81dffd23ac4e55742791",
              "status": "affected",
              "version": "278e7d0b9d6864a9749b9473a273892aa1528621",
              "versionType": "git"
            },
            {
              "lessThan": "bf5f837d9fd27d32fb76df0a108babcaf4446ff1",
              "status": "affected",
              "version": "278e7d0b9d6864a9749b9473a273892aa1528621",
              "versionType": "git"
            },
            {
              "lessThan": "6e046f4937474bc1b9fa980c1ad8f3253fc638f6",
              "status": "affected",
              "version": "278e7d0b9d6864a9749b9473a273892aa1528621",
              "versionType": "git"
            },
            {
              "lessThan": "f30490e9695ef7da3d0899c6a0293cc7cd373567",
              "status": "affected",
              "version": "278e7d0b9d6864a9749b9473a273892aa1528621",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e.h",
            "drivers/net/ethernet/intel/i40e/i40e_debugfs.c",
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix race condition by adding filter\u0027s intermediate sync state\n\nFix a race condition in the i40e driver that leads to MAC/VLAN filters\nbecoming corrupted and leaking. Address the issue that occurs under\nheavy load when multiple threads are concurrently modifying MAC/VLAN\nfilters by setting mac and port VLAN.\n\n1. Thread T0 allocates a filter in i40e_add_filter() within\n        i40e_ndo_set_vf_port_vlan().\n2. Thread T1 concurrently frees the filter in __i40e_del_filter() within\n        i40e_ndo_set_vf_mac().\n3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which\n        refers to the already freed filter memory, causing corruption.\n\nReproduction steps:\n1. Spawn multiple VFs.\n2. Apply a concurrent heavy load by running parallel operations to change\n        MAC addresses on the VFs and change port VLANs on the host.\n3. Observe errors in dmesg:\n\"Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX,\n\tplease set promiscuous on manually for VF XX\".\n\nExact code for stable reproduction Intel can\u0027t open-source now.\n\nThe fix involves implementing a new intermediate filter state,\nI40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list.\nThese filters cannot be deleted from the hash list directly but\nmust be removed using the full process."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:52:38.820Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ad3fb3bfd43feb4e15c81dffd23ac4e55742791"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf5f837d9fd27d32fb76df0a108babcaf4446ff1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e046f4937474bc1b9fa980c1ad8f3253fc638f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/f30490e9695ef7da3d0899c6a0293cc7cd373567"
        }
      ],
      "title": "i40e: fix race condition by adding filter\u0027s intermediate sync state",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53088",
    "datePublished": "2024-11-19T17:45:16.169Z",
    "dateReserved": "2024-11-19T17:17:24.980Z",
    "dateUpdated": "2025-11-03T22:29:06.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2025:0066

Vulnerability from osv_almalinux

CVE-2024-53122 (GCVE-0-2024-53122)

CVE-2024-53088 (GCVE-0-2024-53088)

Tags

Sightings

Nomenclature