{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-56751","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T11:26:39.759Z","datePublished":"2024-12-29T11:30:16.805Z","dateUpdated":"2025-11-03T20:53:42.799Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T10:03:52.312Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel  I observed a splat every ~10 iterations."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"77aa9855a878fb43f547ddfbda3127a1e88ad31a","status":"affected","versionType":"git"},{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"b2f26a27ea3f72f75d18330f76f5d1007c791848","status":"affected","versionType":"git"},{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"43e25adc80269f917d2a195f0d59f74cdd182955","status":"affected","versionType":"git"},{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"a3c3f8a4d025acc8c857246ec2b812c59102487a","status":"affected","versionType":"git"},{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"0e4c6faaef8a24b762a24ffb767280e263ef8e10","status":"affected","versionType":"git"},{"version":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74","lessThan":"eb02688c5c45c3e7af7e71f036a7144f5639cbfe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.15.181","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.120","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.64","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.11","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12.2","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.11.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/77aa9855a878fb43f547ddfbda3127a1e88ad31a"},{"url":"https://git.kernel.org/stable/c/b2f26a27ea3f72f75d18330f76f5d1007c791848"},{"url":"https://git.kernel.org/stable/c/43e25adc80269f917d2a195f0d59f74cdd182955"},{"url":"https://git.kernel.org/stable/c/a3c3f8a4d025acc8c857246ec2b812c59102487a"},{"url":"https://git.kernel.org/stable/c/0e4c6faaef8a24b762a24ffb767280e263ef8e10"},{"url":"https://git.kernel.org/stable/c/eb02688c5c45c3e7af7e71f036a7144f5639cbfe"}],"title":"ipv6: release nexthop on device removal","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:53:42.799Z"}}]}}