#VU94104 Resource management error in Linux kernel - CVE-2024-27390
Published: July 11, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU94104
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27390
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.
Remediation
Install updates from vendor's website.
External links
- https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50
- https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04
- https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373
- https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7
- https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88
- https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2