5.5
CVE-2024-27418
- EPSS 0.22%
- Veröffentlicht 17.05.2024 12:15:13
- Zuletzt bearbeitet 26.09.2025 16:22:11
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net: mctp: take ownership of skb in mctp_local_output
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs. Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 6.1.81
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.21
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.9
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
Linux ≫ Linux Kernel Version6.8 Updaterc5
Linux ≫ Linux Kernel Version6.8 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.122 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3
https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd
https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b
https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68