CVE-2024-39490
ipv6: sr: fix missing sk_buff release in seg6_input_core
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix missing sk_buff release in seg6_input_core
The seg6_input() function is responsible for adding the SRH into a
packet, delegating the operation to the seg6_input_core(). This function
uses the skb_cow_head() to ensure that there is sufficient headroom in
the sk_buff for accommodating the link-layer header.
In the event that the skb_cow_header() function fails, the
seg6_input_core() catches the error but it does not release the sk_buff,
which will result in a memory leak.
This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due
to headroom too small after SRH push") and persists even after commit
7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"),
where the entire seg6_input() code was refactored to deal with netfilter
hooks.
The proposed patch addresses the identified memory leak by requiring the
seg6_input_core() function to release the sk_buff in the event that
skb_cow_head() fails.
En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6: sr: corrige la versión faltante de sk_buff en seg6_input_core La función seg6_input() es responsable de agregar el SRH a un paquete, delegando la operación al seg6_input_core(). Esta función utiliza skb_cow_head() para garantizar que haya suficiente espacio libre en sk_buff para acomodar el encabezado de la capa de enlace. En caso de que la función skb_cow_header() falle, seg6_input_core() detecta el error pero no libera sk_buff, lo que provocará una pérdida de memoria. Este problema se introdujo en la confirmación af3b5158b89d ("ipv6: sr: corrige el ERROR debido a un espacio libre demasiado pequeño después de la inserción de SRH") y persiste incluso después de la confirmación 7a3f5b0de364 ("netfilter: agregue enlaces de netfilter al plano de datos SRv6"), donde todo el seg6_input( ) el código fue refactorizado para lidiar con los ganchos de netfilter. El parche propuesto aborda la pérdida de memoria identificada al requerir que la función seg6_input_core() libere sk_buff en caso de que skb_cow_head() falle.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-10 EPSS Updated
- 2024-11-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/af3b5158b89d3bab9be881113417558c71b71ca4 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 5.15.161" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.1.93" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 6.9.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.9.4" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.12 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.10" | en |
Affected
| ||||||