CVE-2024-27393

Published May 14, 2024

Last updated 4 hours ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

🔴 Safari, #iOS, iPadOS, #macOS, visionOS, Arbitrary Code Execution, #CVE-2024-27393 (Critical) - Critical https://t.co/60NtIKDfAJ
@dailycve
28 Nov 2024
45 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15E220AB-9386-4168-BA23-71607F895ECA",
            "versionEndExcluding": "5.15.154",
            "versionStartIncluding": "5.9"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325665BF-2409-49D9-B391-39AD4566FDBD",
            "versionEndExcluding": "6.1.85",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911",
            "versionEndExcluding": "6.6.26",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10",
            "versionEndExcluding": "6.8.5",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References