CVE-2024-27417

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

Severity Score: 5.5 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Track (SSVC)

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.

A flaw was discovered in the Linux kernel's IPv6 implementation, specifically within the inet6_rtm_getaddr() function. The issue arises when user space provides a valid IFA_TARGET_NETNSID value but omits the IFA_ADDRESS and IFA_LOCAL attributes. In such cases, the function returns -EINVAL without releasing the reference it holds on the struct net object, so the object's reference count stays elevated, leading to a potential memory leak. This flaw has been addressed by ensuring that the reference count is properly managed, preventing unintended resource retention. Users are advised to update their Linux kernel to a version that includes this fix to maintain system stability and prevent resource leaks.

*Credits: N/A
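
The error-path pattern described above, as an added userspace model (not kernel code and not the upstream patch). The names `get_net_by_id`, `put_net_ref`, `struct req`, the id `7` and the `-ENOENT` return are assumptions made for illustration; the model only shows why an early `-EINVAL` return after a counted lookup leaves the refcount elevated, and one common way to route every exit through a single release.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's struct net: only the refcount matters. */
struct net { int refcnt; };
static struct net target_ns = { 1 };   /* constructed namespace, one base ref */

/* Hypothetical lookup that hands back a counted reference (id 7 is made up). */
static struct net *get_net_by_id(int nsid)
{
    if (nsid != 7)
        return NULL;
    target_ns.refcnt++;
    return &target_ns;
}
static void put_net_ref(struct net *n) { n->refcnt--; }
int ns_refcount(void) { return target_ns.refcnt; }

/* Constructed request: which attributes the caller supplied. */
struct req { int has_nsid, nsid, has_addr; };

/* Leaky shape: the -EINVAL return happens after the reference was taken. */
int getaddr_leaky(const struct req *r)
{
    struct net *tgt = NULL;
    if (r->has_nsid && !(tgt = get_net_by_id(r->nsid)))
        return -ENOENT;
    if (!r->has_addr)
        return -EINVAL;            /* tgt is never released on this path */
    if (tgt)
        put_net_ref(tgt);          /* address lookup would run before this */
    return 0;
}

/* Hardened shape: every exit after the lookup passes one release point. */
int getaddr_fixed(const struct req *r)
{
    struct net *tgt = NULL;
    if (r->has_nsid && !(tgt = get_net_by_id(r->nsid)))
        return -ENOENT;
    int err = r->has_addr ? 0 : -EINVAL;   /* lookup would run when err == 0 */
    if (tgt)
        put_net_ref(tgt);
    return err;
}

int main(void)
{
    struct req bad = { 1, 7, 0 };  /* valid nsid, no address attribute */
    getaddr_leaky(&bad);
    printf("refcount after leaky call: %d\n", ns_refcount());
    getaddr_fixed(&bad);
    printf("refcount after fixed call: %d\n", ns_refcount());
    return 0;
}
```

Each call to the leaky variant with a valid namespace id and no address adds one reference that nothing releases, which is why repeated requests pin the namespace object.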
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-25 CVE Reserved
  • 2024-05-17 CVE Published
  • 2024-05-18 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Linux | Linux Kernel | >= 4.20 < 5.4.271 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 5.10.212 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 5.15.151 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 6.1.81 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 6.6.21 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 6.7.9 | en | Affected |
| Linux | Linux Kernel | >= 4.20 < 6.8 | en | Affected |