CVE-2024-50045: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50045 is a vulnerability in the Linux kernel's br_netfilter module that can cause a kernel panic when sending untagged traffic via a VxLAN device. The vulnerability was discovered in October 2024 and affects Linux kernel versions from 4.11 up to (excluding) 6.11.4. The issue occurs during the check for fragmentation in br_nf_dev_queue_xmit when specific conditions are met (NVD).

The vulnerability is triggered when all of the following conditions are met: 1) the br_netfilter module is loaded; 2) net.bridge.bridge-nf-call-iptables is set to 1; 3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port exists; 4) untagged frames with size higher than the VxLAN MTU are forwarded/flooded. The issue stems from improper handling of metadata_dst skb, where the tunnel_dst is a metadata type of dst with skb_valid_dst(skb) being false and metadata->dst.dev being NULL. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a kernel panic due to a NULL pointer dereference, leading to a denial of service condition. The crash occurs when ip_dst_mtu attempts to use skb_dst(skb) as a valid dst with valid dst->dev (Kernel Patch).

The vulnerability has been fixed in multiple Linux kernel versions through patches that add validation checks for metadata/template dst support. The fix involves dropping packets when skb_valid_dst(skb) is false, as fragmentation on metadata/template dst was never supported. Updates are available through various distribution channels (Kernel Patch).