{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: i40e: Do not allow untrusted VF to remove administratively set MAC",
    "id" : "2275596",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275596"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ni40e: Do not allow untrusted VF to remove administratively set MAC\nCurrently when PF administratively sets VF's MAC address and the VF\nis put down (VF tries to delete all MACs) then the MAC is removed\nfrom MAC filters and primary VF MAC is zeroed.\nDo not allow untrusted VF to remove primary MAC when it was set\nadministratively by PF.\nReproducer:\n1) Create VF\n2) Set VF interface up\n3) Administratively set the VF's MAC\n4) Put VF interface down\n[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs\n[root@host ~]# ip link set enp2s0f0v0 up\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\nlink/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\nvf 0     link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\n[root@host ~]# ip link set enp2s0f0v0 down\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\nlink/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\nvf 0     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off", "A flaw was found in Intel network adapters in the Linux kernel, where untrusted virtualized network interfaces can remove MAC addresses set by the system. This flaw allows an attacker with sufficient privileges to cause a denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8161",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.126.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8161",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.126.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-10-16T00:00:00Z",
    "advisory" : "RHSA-2024:8161",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.126.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10941",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.83.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2025-01-08T00:00:00Z",
    "advisory" : "RHSA-2025:0063",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.99.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2025-01-08T00:00:00Z",
    "advisory" : "RHSA-2025:0064",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.99.1.rt14.384.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26830\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26830\nhttps://lore.kernel.org/linux-cve-announce/2024041703-CVE-2024-26830-5bc0@gregkh/T" ],
  "name" : "CVE-2024-26830",
  "csaw" : false
}