CVE-2024-26830

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

i40e: Do not allow untrusted VF to remove administratively set MAC

Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF MAC is zeroed.

Do not allow untrusted VF to remove primary MAC when it was set administratively by PF.

Reproducer:
1) Create VF
2) Set VF interface up
3) Administratively set the VF's MAC
4) Put VF interface down

[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs
[root@host ~]# ip link set enp2s0f0v0 up
[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d
[root@host ~]# ip link show enp2s0f0
23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
    vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
[root@host ~]# ip link set enp2s0f0v0 down
[root@host ~]# ip link show enp2s0f0
23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
    vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
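A defender-side check for the symptom above, added here as an example (not part of the advisory or of the i40e driver): it parses the `vf N link/ether ...` lines that `ip link show <pf>` prints before and after a VF is taken down and reports any untrusted VF whose PF-assigned MAC has been zeroed. The sample output is constructed from the reproducer, and the parser assumes the `ip link` line layout shown there.

```python
import re
from typing import Dict, List, NamedTuple

# Matches the per-VF lines printed by `ip link show <pf>` for SR-IOV VFs, e.g.
#   vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
VF_LINE = re.compile(
    r"^\s*vf (?P<idx>\d+) link/ether (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*?\btrust (?P<trust>on|off)",
    re.MULTILINE | re.IGNORECASE,
)
ZERO_MAC = "00:00:00:00:00:00"


class VfState(NamedTuple):
    mac: str
    trusted: bool


def parse_vfs(ip_link_output: str) -> Dict[int, VfState]:
    """Return {vf_index: VfState} parsed from the text output of `ip link show <pf>`."""
    return {
        int(m["idx"]): VfState(m["mac"].lower(), m["trust"].lower() == "on")
        for m in VF_LINE.finditer(ip_link_output)
    }


def lost_admin_macs(before: str, after: str, admin_macs: Dict[int, str]) -> List[int]:
    """VF indices whose PF-assigned MAC (admin_macs) was present in `before` and is
    zeroed in `after` while the VF is untrusted: the exact symptom of CVE-2024-26830."""
    b, a = parse_vfs(before), parse_vfs(after)
    lost = []
    for idx, admin_mac in admin_macs.items():
        if idx not in b or idx not in a:
            continue  # VF not visible in both snapshots; nothing to compare
        if b[idx].mac == admin_mac.lower() and a[idx].mac == ZERO_MAC and not a[idx].trusted:
            lost.append(idx)
    return sorted(lost)


# Constructed sample output, taken from the advisory's reproducer (PF enp2s0f0, VF 0).
BEFORE_DOWN = """\
23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
    vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
"""
AFTER_DOWN = BEFORE_DOWN.replace("fe:6c:b5:da:c7:7d", ZERO_MAC)

if __name__ == "__main__":
    # On an unpatched kernel this reports [0]; after the fix the list should be empty.
    print("VFs that lost their administratively set MAC:",
          lost_admin_macs(BEFORE_DOWN, AFTER_DOWN, {0: "fe:6c:b5:da:c7:7d"}))
```

Run the two `ip link show` captures through `lost_admin_macs` on a patched host as a regression check: an empty list means the PF-set MAC survived the VF going down.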

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.14 (including) 6.1.79 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*