CVE-2024-27418

net: mctp: take ownership of skb in mctp_local_output

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: take ownership of skb in mctp_local_output

Currently, mctp_local_output only takes ownership of skb on success, and
we may leak an skb if mctp_local_output fails in specific states; the
skb ownership isn't transferred until the actual output routing occurs.

Instead, make mctp_local_output free the skb on all error paths up to
the route action, so it always consumes the passed skb.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mctp: toma posesión de skb en mctp_local_output Actualmente, mctp_local_output solo toma propiedad de skb en caso de éxito, y podemos filtrar un fallo skb si mctp_local_output en estados específicos; la propiedad del skb no se transfiere hasta que se produce el enrutamiento de salida real. En su lugar, haga que mctp_local_output libere el skb en todas las rutas de error hasta la acción de ruta, de modo que siempre consuma el skb pasado.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd	2024-03-06
https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68	2024-03-06
https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b	2024-03-06
https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3	2024-02-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.7.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.8"		en		Affected