CVE-2024-50212
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50212
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50212.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-50212
- Downstream
- Related
- Published
- 2024-11-09T10:14:24Z
- Modified
- 2025-10-15T17:39:10.738859Z
- Summary
- lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
lib: alloctagmoduleunload must wait for pending kfreercu calls
Ben Greear reports following splat: ------------[ cut here ]------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module unload WARNING: CPU: 1 PID: 10421 at lib/alloctag.c:168 alloctagmoduleunload+0x22b/0x3f0 Modules linked in: nfnat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020 RIP: 0010:alloctagmoduleunload+0x22b/0x3f0 codetagunloadmodule+0x19b/0x2a0 ? codetagloadmodule+0x80/0x80
nfnat module exit calls kfreercu on those addresses, but the free operation is likely still pending by the time alloc_tag checks for leaks.
Wait for outstanding kfree_rcu operations to complete before checking resolves this warning.
Reproducer: unshare -n iptables-nft -t nat -A PREROUTING -p tcp grep nfnat /proc/allocinfo # will list 4 allocations rmmod nftchainnat rmmod nfnat # will WARN.
[akpm@linux-foundation.org: add comment]
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda473573964e51dcb6efc182f773cd3924be4a184Fixed24211fb49c9ac1b576470b7e393a5a0b50af2707
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda473573964e51dcb6efc182f773cd3924be4a184Fixeddc783ba4b9df3fb3e76e968b2cbeb9960069263c