CVE-2024-50041: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50041 is a vulnerability in the Linux kernel's i40e driver that was discovered and disclosed in October 2024. The issue involves a macvlan leak caused by concurrent access to vsi->macfilterhash, affecting Linux kernel versions from 5.15.54 up to 6.11.4 (NVD).

The vulnerability occurs when multiple threads attempt to modify the macfilterhash simultaneously, leading to inconsistent state and potential memory leaks in the i40e driver. The issue is classified as CWE-401 (Missing Release of Memory after Effective Lifetime) with a CVSS v3.1 base score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD, Kernel Patch).

The vulnerability can result in memory leaks and inconsistent state in the macfilterhash when multiple threads concurrently access and modify the data structure. This primarily affects system availability through resource exhaustion (NVD).

The issue has been fixed by implementing proper synchronization using spinlock/unlockbh(&vsi->macfilterhashlock) around critical sections and adding lockdepassertheld(&vsi->macfilterhashlock) in i40eaddmac_filter(). Users should update to patched kernel versions that include the fix (Kernel Patch).