CVE-2024-50252

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: A memory leak issue has been identified in the Linux kernel, specifically in the mlxsw spectrum ipip module. This issue occurs when changing the remote IPv6 address of an ip6gre net device, resulting in a warning and a memory leak. The problem arises because the new remote address is not added to the driver's hash table, and the old address is not removed. This issue can be triggered by changing the remote address of an ip6gre net device using the ip link set command.

Recommendations: To resolve this issue, update the Linux kernel to version 6.6.61 or later. As a temporary workaround, consider avoiding changes to the remote IPv6 address of ip6gre net devices until the update is applied. Additionally, restrict access to the vulnerable module mlxsw to minimize the risk of exploitation.