CVE-2024-50298 in Linux
Summary
by MITRE • 11/19/2024
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: allocate vf_state during PF probes
In the previous implementation, vf_state is allocated memory only when VF is enabled. However, net_device_ops::ndo_set_vf_mac() may be called before VF is enabled to configure the MAC address of VF. If this is the case, enetc_pf_set_vf_mac() will access vf_state, resulting in access to a null pointer. The simplified error log is as follows.
root@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89 [ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004
[ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy
[ 173.641973] lr : do_setlink+0x4a8/0xec8
[ 173.732292] Call trace:
[ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80
[ 173.738847] __rtnl_newlink+0x530/0x89c
[ 173.742692] rtnl_newlink+0x50/0x7c
[ 173.746189] rtnetlink_rcv_msg+0x128/0x390
[ 173.750298] netlink_rcv_skb+0x60/0x130
[ 173.754145] rtnetlink_rcv+0x18/0x24
[ 173.757731] netlink_unicast+0x318/0x380
[ 173.761665] netlink_sendmsg+0x17c/0x3c8
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/25/2026
The vulnerability CVE-2024-50298 affects the Linux kernel's enetc network driver, specifically within the Ethernet networking subsystem. This issue manifests as a null pointer dereference that occurs when attempting to configure virtual function (VF) MAC addresses before the VF is properly enabled. The problem stems from improper memory allocation timing within the driver's initialization sequence, creating a scenario where critical data structures remain uninitialized when accessed by subsequent operations.
The technical flaw exists in the enetc network driver's handling of virtual function state management. During the initial probe phase of the physical function (PF), the vf_state memory allocation is deferred until the VF is actually enabled. However, the network device operations interface includes a function ndo_set_vf_mac() that can be invoked regardless of the VF's enabled status. When administrators or system processes attempt to set a VF's MAC address before enabling the VF, the driver attempts to access the vf_state structure which has not yet been allocated, resulting in a NULL pointer dereference. This behavior violates the fundamental principle of proper resource initialization and can lead to system crashes or kernel panics.
The operational impact of this vulnerability extends beyond simple system instability, as it can be exploited to cause denial of service conditions in networked environments. When the null pointer dereference occurs, the kernel generates a critical error message indicating the failure to handle a NULL pointer access at virtual address 0x0000000000000004. The call trace demonstrates that the error originates from enetc_pf_set_vf_mac function, which is part of the driver's network device operations implementation. This vulnerability affects systems using the enetc driver, particularly those running on ARM-based platforms such as the ls1028ardb reference board mentioned in the error logs. The vulnerability is classified under CWE-476 as a NULL pointer dereference, representing a classic software error where a pointer expected to contain a valid memory address instead contains NULL, leading to system instability.
The mitigation strategy for this vulnerability involves modifying the driver's initialization logic to ensure that vf_state memory allocation occurs during the PF probe phase regardless of whether VFs are immediately enabled. This approach aligns with the principle of defensive programming and proper resource management as recommended in various cybersecurity frameworks. The fix should be implemented by allocating vf_state structures early in the driver initialization process, ensuring that all necessary memory is available before any VF configuration operations can be performed. This solution prevents the race condition between VF state allocation and VF configuration operations, thereby eliminating the potential for null pointer dereference. Additionally, this fix should be validated against industry standards such as those outlined in the NIST Cybersecurity Framework and the MITRE ATT&CK framework's system hardening principles, which emphasize proper memory management and resource initialization as fundamental security controls. The vulnerability represents a critical issue in network driver security that requires immediate attention to prevent potential exploitation for system disruption attacks.