In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC The Linux kernel CVE team has assigned CVE-2024-26830 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041703-CVE-2024-26830-5bc0@gregkh/T
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2275597]
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26830 is: CHECK Maybe valid. Check manually. with impact MODERATE (that is approximation based on flags REMOTE VIRT NETWORK ; these flags parsed automatically based on patche data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:8161 https://access.redhat.com/errata/RHSA-2024:8161
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:10941 https://access.redhat.com/errata/RHSA-2024:10941
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2025:0064 https://access.redhat.com/errata/RHSA-2025:0064
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2025:0063 https://access.redhat.com/errata/RHSA-2025:0063
Why is this fixed in various minor rhel versions -- 8.6 -- 8.8 -- 9.2 and not in the main rhel 8/9 versions? They are marked as "affected" in https://access.redhat.com/security/cve/CVE-2024-26830
(In reply to Klaas Demter from comment #19) > Why is this fixed in various minor rhel versions -- 8.6 -- 8.8 -- 9.2 and > not in the main rhel 8/9 versions? They are marked as "affected" in > https://access.redhat.com/security/cve/CVE-2024-26830 Hi Klaas, This issue was fixed for the lead RHEL 8 and 9 versions in errata that incorporated many other fixes: RHSA-2024:2394 (RHEL 9.4) RHSA-2024:3138 (RHEL 8.10) I'm working on an issue with the metadata for this flaw, but the erroneous "Affected" entries for RHEL 8 and 9 should be resolved in a day or two.