In the Linux kernel, the following vulnerability has been resolved: **mlxsw: spectrum_ipip**: A memory leak was fixed when changing the remote IPv6 address. The device stores IPv6 addresses that are used for encapsulation in linear memory, which is managed by the driver. Changing the remote address of an `ip6gre` network device never worked properly. However, since the mentioned commit, the following sequence of actions would result in a warning and a memory leak: The new remote address is never added to the driver’s hash table (and thus to the device), and the old address is never removed from it. The fix involves programming to add the new address when the configuration of the `ip6gre` network device changes, and removing the old address. If the address does not change, then the reference count of the address will be increased and then decreased. **[1]** ```bash # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit # ip link set dev bla type ip6gre remote 2001:db8:3::1 # ip link del dev bla # devlink dev reload pci/0000:01:00.0 ``` **[2]** **WARNING:** CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 `mlxsw_sp_ipv6_addr_put+0x140/0x1d0`: Modules linked in: CPU: 0 UID: 0 PID: 1682; Comm: ip; Not tainted; 6.12.0-rc3-custom-g86b5b55bc835 #151. Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13; Date: 05/31/2023. RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0… **[…]** **Call Trace:** `` `mlxsw_sp_router_netdevice_event+0x55f/0x1240` `notifier_call_chain+0x5a/0xd0` `call_netdevice_notifiers_info+0x39/0x90` unregister_netdevice_many_notify+0x63e/0x9d0 rtnl_dellink+0x16b/0x3a0 rtnetlink_rcv_msg+0x142/0x3f0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x242/0x390 netlink_sendmsg+0x1de/0x420 ____sys_sendmsg+0x2bd/0x320 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_afterHWframe+0x77/0x7f [3] Unreferenced object: 0xffff898081f597a0 (size 32): comm “ip”, pid 1626, jiffies 4294719324 Hex dump (first 32 bytes): 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 00 01 .................. 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.................. Backtrace (crc fd9be911): [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260 [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340 [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240 [<00000000743e7757>] notifier_call_chain+0x5a/0xd0 [<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90 [<000000002509645d>] register_netdevice+0x5f7/0x7a0 [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130 [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120 [<000000004df7c7cc>] rtnl_newlink+0x471/0xa20 [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0 [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100 [<00000000908bca63>] netlink_unicast+0x242/0x390 [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420 [<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320 [<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0 [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0

Query Builder