6.2

CVE-2024-39490

EPSS 0.12%
Veröffentlicht 10.07.2024 08:15:11
Zuletzt bearbeitet 24.03.2025 17:23:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix missing sk_buff release in seg6_input_core

The seg6_input() function is responsible for adding the SRH into a
packet, delegating the operation to the seg6_input_core(). This function
uses the skb_cow_head() to ensure that there is sufficient headroom in
the sk_buff for accommodating the link-layer header.
In the event that the skb_cow_header() function fails, the
seg6_input_core() catches the error but it does not release the sk_buff,
which will result in a memory leak.

This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due
to headroom too small after SRH push") and persists even after commit
7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"),
where the entire seg6_input() code was refactored to deal with netfilter
hooks.

The proposed patch addresses the identified memory leak by requiring the
seg6_input_core() function to release the sk_buff in the event that
skb_cow_head() fails.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.12 < 5.15.161

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.93

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9

Patch

https://git.kernel.org/stable/c/8f1fc3b86eaea70be6abcae2e9aa7e7b99453864

Patch

https://git.kernel.org/stable/c/e8688218e38111ace457509d8f0cad75f79c1a7a

Patch

https://git.kernel.org/stable/c/f4df8c7670a73752201cbde215254598efdf6ce8

Patch

https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-39490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39490

EUVD