Memory leak in Linux kernel - CVE-2024-53088
Published: November 20, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU100705
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53088
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2024-53088
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/262dc6ea5f1eb18c4d08ad83d51222d0dd0dd42a
- https://git.kernel.org/stable/c/7ad3fb3bfd43feb4e15c81dffd23ac4e55742791
- https://git.kernel.org/stable/c/bf5f837d9fd27d32fb76df0a108babcaf4446ff1
- https://git.kernel.org/stable/c/6e046f4937474bc1b9fa980c1ad8f3253fc638f6
- https://git.kernel.org/stable/c/f30490e9695ef7da3d0899c6a0293cc7cd373567
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.172
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61