CVE-2024-50212

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50212
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50212.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50212
Downstream
Related
Published
2024-11-09T11:15:04Z
Modified
2024-11-16T05:00:04Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

lib: alloctagmoduleunload must wait for pending kfreercu calls

Ben Greear reports following splat: ------------[ cut here ]------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module unload WARNING: CPU: 1 PID: 10421 at lib/alloctag.c:168 alloctagmoduleunload+0x22b/0x3f0 Modules linked in: nfnat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020 RIP: 0010:alloctagmoduleunload+0x22b/0x3f0 codetagunloadmodule+0x19b/0x2a0 ? codetagloadmodule+0x80/0x80

nfnat module exit calls kfreercu on those addresses, but the free operation is likely still pending by the time alloc_tag checks for leaks.

Wait for outstanding kfree_rcu operations to complete before checking resolves this warning.

Reproducer: unshare -n iptables-nft -t nat -A PREROUTING -p tcp grep nfnat /proc/allocinfo # will list 4 allocations rmmod nftchainnat rmmod nfnat # will WARN.

[akpm@linux-foundation.org: add comment]

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.11.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}