CVE-2024-27417

Published: May 17, 2024Modified: Dec 23, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.

Affected (13)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.20 to 5.4.271
Linux Linux Kernel	From 5.11 to 5.15.151
Linux Linux Kernel	From 5.16 to 6.1.81
Linux Linux Kernel	From 5.5 to 5.10.212
Linux Linux Kernel	From 6.2 to 6.6.21
Linux Linux Kernel	From 6.7 to 6.7.9
Linux Linux Kernel	Version 6.8 rc1
Linux Linux Kernel	Version 6.8 rc2
Linux Linux Kernel	Version 6.8 rc3
Linux Linux Kernel	Version 6.8 rc4
Linux Linux Kernel	Version 6.8 rc5
Linux Linux Kernel	Version 6.8 rc6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (15)

https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.