CVE-2024-50252
📋 TL;DR
A memory leak vulnerability in the Linux kernel's mlxsw driver occurs when changing the remote IPv6 address on ip6gre tunnel interfaces. This causes kernel memory exhaustion over time, potentially leading to system instability or denial of service. Systems using Mellanox Spectrum switches with ip6gre tunnels configured are affected.
💻 Affected Systems
- Linux kernel with mlxsw driver
- Mellanox Spectrum switches
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could exhaust kernel memory, causing system crashes, denial of service, or unpredictable system behavior requiring reboots.
Likely Case
Gradual memory consumption leading to performance degradation and eventual system instability requiring manual intervention.
If Mitigated
Minimal impact with proper monitoring and memory limits in place, though memory would still leak until patched.
🎯 Exploit Status
Exploitation requires privileged access to modify network configuration. The vulnerability is triggered by legitimate administrative actions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with fixes from git commits: 31384aa2ad05c29c7745000f321154f42de24d1a, c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942, d8f298eb6659eb6a38e26b79e77de4449dc6e61b
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid ip6gre remote address changes
Prevent triggering the memory leak by avoiding changes to remote IPv6 addresses on ip6gre tunnels.
# Do not execute: ip link set dev <interface> type ip6gre remote <new_ipv6_address>
Monitor kernel memory usage
Implement monitoring for kernel memory consumption and alert on abnormal patterns.
# Monitor slab memory: cat /proc/meminfo | grep Slab
# Monitor kernel memory: cat /proc/meminfo | grep KernelStack
🧯 If You Can't Patch
- Implement strict change control for ip6gre tunnel configurations
- Deploy kernel memory monitoring with automated alerts for memory exhaustion patterns
🔍 How to Verify
Check if Vulnerable:
Check if system uses ip6gre tunnels and has made remote IPv6 address changes. Monitor for kernel warnings about mlxsw_sp_ipv6_addr_put.
Check Version:
uname -r
Verify Fix Applied:
After patching, test ip6gre remote address changes and verify no memory leaks occur using slabtop or /proc/meminfo monitoring.
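The slab monitoring suggested under Temporary Workarounds and the post-patch check above can both be run as a trend test over repeated /proc/meminfo readings. The script below is an added example, not part of the advisory; the function names, the 256 kB growth threshold and the 80% rule are assumptions, and the sample readings are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: trend check over meminfo samples.

# meminfo_kb FIELD [FILE]: print FIELD's value in kB (Slab, SUnreclaim, ...).
meminfo_kb() {
    awk -v f="$1:" '$1 == f { print $2; ok = 1 } END { exit !ok }' \
        "${2:-/proc/meminfo}"
}

# slab_trend MIN_GROWTH_KB: read one kB sample per line on stdin, oldest first.
# Prints "suspect" when net growth reaches the threshold and at least 80% of
# the intervals are non-decreasing; "ok" otherwise; "insufficient" when fewer
# than 3 samples were given. Both thresholds are assumptions to tune per host.
slab_trend() {
    awk -v min="$1" '
        NF == 0 { next }
        { v = $1 + 0 }
        n == 0 { first = v }
        n > 0 && v >= prev { up++ }
        { prev = v; n++ }
        END {
            if (n < 3) { print "insufficient"; exit }
            verdict = "ok"
            if (prev - first >= min && up * 5 >= (n - 1) * 4) verdict = "suspect"
            print verdict
        }'
}

# collect_samples FIELD COUNT INTERVAL_SECONDS: sample the live system.
collect_samples() {
    i=0
    while [ "$i" -lt "$2" ]; do
        meminfo_kb "$1" || return 1
        i=$((i + 1))
        if [ "$i" -lt "$2" ]; then sleep "$3"; fi
    done
}

# Constructed readings (kB) standing in for: collect_samples Slab 6 600
printf '%s\n' 81200 81260 81255 81390 81470 81620 | slab_trend 256
```

On a live host, `collect_samples SUnreclaim 6 600 | slab_trend 256` applies the same test to unreclaimable slab, which excludes reclaimable caches that grow and shrink with normal load.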
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings containing 'mlxsw_sp_ipv6_addr_put'
- System log messages about memory allocation failures
- OOM killer events
Network Indicators:
- Unusual ip6gre tunnel reconfiguration patterns
SIEM Query:
source="kernel" AND ("mlxsw_sp_ipv6_addr_put" OR ("memory leak" AND "ip6gre"))
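The log indicators above, applied to kernel log text as a triage script. This is an added example, not from the advisory or the kernel project; the function names and verdict labels are assumptions, and the log lines are constructed, with PATH:LINE and the symbol offsets as placeholders.

```shell
#!/bin/sh
# Added example, not part of the advisory: triage of kernel log text.

# scan_kernel_log: read kernel log lines on stdin, print one summary line.
scan_kernel_log() {
    awk '
        # A single WARN splat repeats the symbol on its RIP line, so only the
        # "WARNING:" header line is counted as one event.
        /WARNING:/ && /mlxsw_sp_ipv6_addr_put/ { warn++ }
        /page allocation failure/              { alloc++ }
        /invoked oom-killer/                   { oom++ }
        END {
            # Memory pressure alone is not specific to this CVE; the driver
            # warning is, so it takes precedence in the verdict.
            verdict = "clean"
            if (alloc + oom > 0) verdict = "memory_pressure_only"
            if (warn > 0) verdict = "driver_warning"
            printf "addr_put_warn=%d alloc_fail=%d oom=%d verdict=%s\n",
                   warn, alloc, oom, verdict
        }'
}

# Constructed sample log; host name, PIDs, offsets and PATH:LINE are made up.
sample_log() {
    cat <<'EOF'
Jan 10 09:14:02 sw1 kernel: WARNING: CPU: 0 PID: 1201 at PATH:LINE mlxsw_sp_ipv6_addr_put+0x10/0x20 [mlxsw_spectrum]
Jan 10 09:14:02 sw1 kernel: RIP: 0010:mlxsw_sp_ipv6_addr_put+0x10/0x20 [mlxsw_spectrum]
Jan 10 11:40:37 sw1 kernel: WARNING: CPU: 1 PID: 1377 at PATH:LINE mlxsw_sp_ipv6_addr_put+0x10/0x20 [mlxsw_spectrum]
Jan 12 03:02:11 sw1 kernel: kworker/0:1: page allocation failure: order:0, mode:0x0
Jan 12 03:02:15 sw1 kernel: snmpd invoked oom-killer: gfp_mask=0x0, order=0, oom_score_adj=0
EOF
}

sample_log | scan_kernel_log
```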
🔗 References
- https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280
- https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a
- https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942
- https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html