{"id":"CVE-2024-56751","summary":"ipv6: release nexthop on device removal","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel  I observed a splat every ~10 iterations.","modified":"2026-03-20T12:41:00.139013Z","published":"2024-12-29T11:30:16.805Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7276-1","USN-7277-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56751.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0e4c6faaef8a24b762a24ffb767280e263ef8e10"},{"type":"WEB","url":"https://git.kernel.org/stable/c/43e25adc80269f917d2a195f0d59f74cdd182955"},{"type":"WEB","url":"https://git.kernel.org/stable/c/77aa9855a878fb43f547ddfbda3127a1e88ad31a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a3c3f8a4d025acc8c857246ec2b812c59102487a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2f26a27ea3f72f75d18330f76f5d1007c791848"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb02688c5c45c3e7af7e71f036a7144f5639cbfe"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56751.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56751"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74"},{"fixed":"77aa9855a878fb43f547ddfbda3127a1e88ad31a"},{"fixed":"b2f26a27ea3f72f75d18330f76f5d1007c791848"},{"fixed":"43e25adc80269f917d2a195f0d59f74cdd182955"},{"fixed":"a3c3f8a4d025acc8c857246ec2b812c59102487a"},{"fixed":"0e4c6faaef8a24b762a24ffb767280e263ef8e10"},{"fixed":"eb02688c5c45c3e7af7e71f036a7144f5639cbfe"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56751.json"}}],"schema_version":"1.7.5"}