CVE-2024-42291: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42291 addresses a vulnerability in the Linux kernel's ice driver where a malicious Virtual Function (VF) driver could request more than the software-imposed limit of FDIR (Flow Director) filters, potentially exhausting resources for other VFs. The issue was discovered and patched in August 2024 (Kernel Git).

The vulnerability exists in the Linux kernel's ice driver where while the iavf driver implements a software limit of 128 on the number of FDIR filters that a VF can request, there was no corresponding limit in the ice driver. This allowed a malicious VF to bypass this restriction and potentially exhaust shared resources. The fix implements a similar limit (ICEVFMAXFDIRFILTERS set to 128) in the ice driver and adds tracking of total filter count (Kernel Git).

A malicious Virtual Function driver could exploit this vulnerability to request an excessive number of FDIR filters, potentially exhausting resources and affecting the operation of other Virtual Functions on the same system (NVD).

The vulnerability has been patched in the Linux kernel by adding a per-VF limit on the number of FDIR filters. System administrators should update to the latest kernel version that includes the fix. The patch adds a limit of 128 FDIR filters per VF and implements proper tracking of filter count totals (Kernel Git).