Detections
Analytics

Bottlerocket: bottlerocket-kernel-5.15, kernel-5.15: security update to 5.15.182

medium Tenable Self-Hosted Container Security Plugin ID 428241

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

 - In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device
 removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test:
 unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_tracker:
 veth_A-R1@ffff888013df15d8 has 1/5 users at dst_init+0x84/0x4a0 dst_alloc+0x97/0x150
 ip6_dst_alloc+0x23/0x90 ip6_rt_pcpu_alloc+0x1e6/0x520 ip6_pol_route+0x56f/0x840
 fib6_rule_lookup+0x334/0x630 ip6_route_output_flags+0x259/0x480
 ip6_dst_lookup_tail.constprop.0+0x5c2/0x940 ip6_dst_lookup_flow+0x88/0x190
 udp_tunnel6_dst_lookup+0x2a7/0x4c0 vxlan_xmit_one+0xbde/0x4a50 [vxlan] vxlan_xmit+0x9ad/0xf20 [vxlan]
 dev_hard_start_xmit+0x10e/0x360 __dev_queue_xmit+0xf95/0x18c0 arp_solicit+0x4a2/0xe00
 neigh_probe+0xaa/0xf0 While the first suspect is the dst_cache, explicitly tracking the dst owing the last
 device reference via probes proved such dst is held by the nexthop in the originating fib6_info. Similar
 to commit f5b51fe804ec ("ipv6: route: purge exception on removal"), we need to explicitly release the
 originating fib info when disconnecting a to-be-removed device from a live ipv6 dst: move the fib6_info
 cleanup into ip6_dst_ifdown(). Tested running: ./pmtu.sh cleanup_ipv6_exception in a tight loop for more
 than 400 iterations with no spat, running an unpatched kernel I observed a splat every ~10 iterations.
 (CVE-2024-56751)

Plugin Details

Severity: Medium

ID: 428241

Version: Revision 1.1

Type: Local

Published: 6/30/2025

Updated: 6/30/2025

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-56751

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/29/2024

Reference Information

CVE: CVE-2024-56751